# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.CommonAPI.UtilsTest do
alias Pleroma.Builders.UserBuilder
alias Pleroma.Web.CommonAPI
alias Pleroma.Web.CommonAPI.ActivityDraft
alias Pleroma.Web.CommonAPI.Utils
use Pleroma.DataCase
import ExUnit.CaptureLog
import Pleroma.Factory
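# ActivityStreams "Public" collection IRI. The get_to_and_cc tests in this file
# assert whether it appears in `to` or `cc` for each visibility.
@public_address "https://www.w3.org/ns/activitystreams#Public"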
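describe "add_attachments/2" do
  # Shared fixture: a long file name and an attachment map whose href is the
  # URI-encoded form of that name.
  setup do
    name =
      "Sakura Mana – Turned on by a Senior OL with a Temptating Tight Skirt-s Full Hipline and Panty Shot- Beautiful Thick Thighs- and Erotic Ass- -2015- -- Oppaitime 8-28-2017 6-50-33 PM.png"

    attachment = %{
      "url" => [%{"href" => URI.encode(name)}]
    }

    %{name: name, attachment: attachment}
  end

  # NOTE(review): the fixture name contains no HTML metacharacters (`<`, `"`,
  # `&`), so neither test below shows whether the link text or the href is
  # escaped before being placed in the markup. A fixture with such characters
  # would pin that behaviour down.
  test "it adds attachment links to a given text and attachment set", %{
    name: name,
    attachment: attachment
  } do
    len = 10
    clear_config([Pleroma.Upload, :filename_display_max_length], len)

    # `0..len` is an inclusive range, so the expected link text keeps
    # len + 1 graphemes before the ellipsis.
    expected =
      "<br><a href=\"#{URI.encode(name)}\" class='attachment'>#{String.slice(name, 0..len)}…</a>"

    assert Utils.add_attachments("", [attachment]) == expected
  end

  test "doesn't truncate file name if config for truncate is set to 0", %{
    name: name,
    attachment: attachment
  } do
    # A limit of 0 is expected to leave the name untruncated.
    clear_config([Pleroma.Upload, :filename_display_max_length], 0)

    expected = "<br><a href=\"#{URI.encode(name)}\" class='attachment'>#{name}</a>"

    assert Utils.add_attachments("", [attachment]) == expected
  end
end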
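describe "it confirms the password given is the current users password" do
  # NOTE(review): the only rejected input exercised here is the empty string.
  # A non-empty wrong password is not covered in this block, so a check that
  # merely rejects blank input would still pass.
  test "incorrect password given" do
    {:ok, user} = UserBuilder.insert()

    assert Utils.confirm_current_password(user, "") == {:error, "Invalid password."}
  end

  # presumably "test" is the password UserBuilder assigns by default; verify
  # against the builder.
  test "correct password given" do
    {:ok, user} = UserBuilder.insert()

    assert Utils.confirm_current_password(user, "test") == {:ok, user}
  end
end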
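describe "format_input/3" do
  # Each test matches the result as `{output, mentions, tags}`; the `[]`
  # patterns assert that no mentions or tags were extracted.
  test "works for bare text/plain" do
    text = "hello world!"
    expected = "hello world!"

    {output, [], []} = Utils.format_input(text, "text/plain")

    assert output == expected

    # Newlines in plain text are expected to become <br> elements.
    text = "hello world!\n\nsecond paragraph!"
    expected = "hello world!<br><br>second paragraph!"

    {output, [], []} = Utils.format_input(text, "text/plain")

    assert output == expected
  end

  # NOTE(review): only benign markup (<p>, <br/>) is passed through here; this
  # test does not exercise how active content is handled for text/html input.
  test "works for bare text/html" do
    text = "<p>hello world!</p>"
    expected = "<p>hello world!</p>"

    {output, [], []} = Utils.format_input(text, "text/html")

    assert output == expected

    text = "<p>hello world!</p><br/>\n<p>second paragraph</p>"
    expected = "<p>hello world!</p><br/>\n<p>second paragraph</p>"

    {output, [], []} = Utils.format_input(text, "text/html")

    assert output == expected
  end

  test "works for bare text/markdown" do
    text = "**hello world**"
    expected = "<p><strong>hello world</strong></p>"

    {output, [], []} = Utils.format_input(text, "text/markdown")

    assert output == expected

    text = "**hello world**\n\n*another paragraph*"
    expected = "<p><strong>hello world</strong></p><p><em>another paragraph</em></p>"

    {output, [], []} = Utils.format_input(text, "text/markdown")

    assert output == expected

    # NOTE(review): the page this listing came from drops blank lines. The
    # expected output has the second line outside the blockquote, which
    # suggests a blank line between the two lines below; verify.
    text = """
    > cool quote
    by someone
    """

    expected = "<blockquote><p>cool quote</p></blockquote><p>by someone</p>"

    {output, [], []} = Utils.format_input(text, "text/markdown")

    assert output == expected
  end

  test "works for bare text/bbcode" do
    text = "[b]hello world[/b]"
    expected = "<strong>hello world</strong>"

    {output, [], []} = Utils.format_input(text, "text/bbcode")

    assert output == expected

    text = "[b]hello world![/b]\n\nsecond paragraph!"
    expected = "<strong>hello world!</strong><br><br>second paragraph!"

    {output, [], []} = Utils.format_input(text, "text/bbcode")

    assert output == expected

    # Raw HTML embedded in BBCode input.
    # NOTE(review): as rendered on the page the expected value shows the raw
    # <strong> tag passing through unchanged. HTML entities may have been
    # decoded by the page renderer; confirm against the repository whether the
    # expectation is really the escaped form.
    text = "[b]hello world![/b]\n\n<strong>second paragraph!</strong>"

    expected =
      "<strong>hello world!</strong><br><br><strong>second paragraph!</strong>"

    {output, [], []} = Utils.format_input(text, "text/bbcode")

    assert output == expected
  end

  test "works for text/markdown with mentions" do
    {:ok, user} =
      UserBuilder.insert(%{nickname: "user__test", ap_id: "http://foo.com/user__test"})

    # The double underscore in the nickname must survive Markdown rendering
    # instead of being read as emphasis; the bare domain is auto-linked.
    text = "**hello world**\n\n*another @user__test and @user__test google.com paragraph*"

    {output, _, _} = Utils.format_input(text, "text/markdown")

    # Generated links carry rel="ugc".
    assert output ==
             ~s(<p><strong>hello world</strong></p><p><em>another <span class="h-card"><a class="u-url mention" data-user="#{user.id}" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> and <span class="h-card"><a class="u-url mention" data-user="#{user.id}" href="http://foo.com/user__test" rel="ugc">@<span>user__test</span></a></span> <a href="http://google.com" rel="ugc">google.com</a> paragraph</em></p>)
  end
end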
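describe "format_input/3 with markdown" do
  test "Paragraph" do
    code = ~s[Hello\n\nWorld!]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == "<p>Hello</p><p>World!</p>"
  end

  test "links" do
    # Parentheses inside the URL must stay part of the link target.
    code = "https://en.wikipedia.org/wiki/Animal_Crossing_(video_game)"
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<p><a href="#{code}">#{code}</a></p>]

    code = "https://github.com/pragdave/earmark/"
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<p><a href="#{code}">#{code}</a></p>]
  end

  test "link with local mention" do
    insert(:user, %{nickname: "lain"})

    # "@lain" inside a URL path must not become a mention: the empty mentions
    # list in the match below asserts that no mention was extracted.
    code = "https://example.com/@lain"
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<p><a href="#{code}">#{code}</a></p>]
  end

  test "local mentions" do
    mario = insert(:user, %{nickname: "mario"})
    luigi = insert(:user, %{nickname: "luigi"})

    code = "@mario @luigi yo what's up?"
    {result, _, []} = Utils.format_input(code, "text/markdown")

    assert result ==
             ~s[<p><span class="h-card"><a class="u-url mention" data-user="#{mario.id}" href="#{mario.ap_id}" rel="ugc">@<span>mario</span></a></span> <span class="h-card"><a class="u-url mention" data-user="#{luigi.id}" href="#{luigi.ap_id}" rel="ugc">@<span>luigi</span></a></span> yo what’s up?</p>]
  end

  test "remote mentions" do
    mario = insert(:user, %{nickname: "mario@mushroom.world", local: false})
    luigi = insert(:user, %{nickname: "luigi@mushroom.world", local: false})

    code = "@mario@mushroom.world @luigi@mushroom.world yo what's up?"
    {result, _, []} = Utils.format_input(code, "text/markdown")

    # The rendered mention shows only the local part of the nickname.
    assert result ==
             ~s[<p><span class="h-card"><a class="u-url mention" data-user="#{mario.id}" href="#{mario.ap_id}" rel="ugc">@<span>mario</span></a></span> <span class="h-card"><a class="u-url mention" data-user="#{luigi.id}" href="#{luigi.ap_id}" rel="ugc">@<span>luigi</span></a></span> yo what’s up?</p>]
  end

  test "raw HTML" do
    # The HTML comment is expected to be dropped while the anchor is kept.
    # NOTE(review): only a benign anchor is covered; this test does not show
    # how script tags or event-handler attributes in raw HTML are treated.
    code = ~s[<a href="http://example.org/">OwO</a><!-- what's this?-->]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<a href="http://example.org/">OwO</a>]
  end

  test "rulers" do
    code = ~s[before\n\n-----\n\nafter]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == "<p>before</p><hr/><p>after</p>"
  end

  test "blockquote" do
    code = ~s[> whoms't are you quoting?]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == "<blockquote><p>whoms’t are you quoting?</p></blockquote>"
  end

  test "code" do
    code = ~s[`mix`]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<p><code class="inline">mix</code></p>]

    code = ~s[``mix``]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<p><code class="inline">mix</code></p>]

    code = ~s[```\nputs "Hello World"\n```]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<pre><code>puts "Hello World"</code></pre>]

    # NOTE(review): literals below are reproduced as the page shows them. The
    # page collapses whitespace and may decode HTML entities, so leading
    # indentation in the input and escaping of <div> inside <code> in the
    # expected value may have been lost; verify against the repository. The
    # escaped form is the security-relevant one to confirm.
    code = ~s[<div>\n</div>]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<pre><code><div>\n</div></code></pre>]
  end

  test "lists" do
    code = ~s[- one\n- two\n- three\n- four]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == "<ul><li>one</li><li>two</li><li>three</li><li>four</li></ul>"

    code = ~s[1. one\n2. two\n3. three\n4. four\n]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == "<ol><li>one</li><li>two</li><li>three</li><li>four</li></ol>"
  end

  test "delegated renderers" do
    code = ~s[*aaaa~*]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<p><em>aaaa~</em></p>]

    code = ~s[**aaaa~**]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<p><strong>aaaa~</strong></p>]

    # strikethrough
    code = ~s[~~aaaa~~~]
    {result, [], []} = Utils.format_input(code, "text/markdown")
    assert result == ~s[<p><del>aaaa</del>~</p>]
  end
end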
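describe "formats date to asctime" do
  test "when date is in ISO 8601 format" do
    date = DateTime.utc_now() |> DateTime.to_iso8601()

    # Build the expectation by parsing the same string and formatting it with
    # the asctime-style pattern.
    expected =
      date
      |> DateTime.from_iso8601()
      |> elem(1)
      |> Calendar.Strftime.strftime!("%a %b %d %H:%M:%S %z %Y")

    assert Utils.date_to_asctime(date) == expected
  end

  # Every case below expects an empty string plus a logged warning rather
  # than a raise.
  test "when date is a binary in wrong format" do
    # A DateTime struct, not an ISO 8601 string, despite the test name.
    date = DateTime.utc_now()

    expected = ""

    assert capture_log(fn ->
             assert Utils.date_to_asctime(date) == expected
           end) =~ "[warning] Date #{date} in wrong format, must be ISO 8601"
  end

  test "when date is a Unix timestamp" do
    date = DateTime.utc_now() |> DateTime.to_unix()

    expected = ""

    assert capture_log(fn ->
             assert Utils.date_to_asctime(date) == expected
           end) =~ "[warning] Date #{date} in wrong format, must be ISO 8601"
  end

  test "when date is nil" do
    expected = ""

    # NOTE(review): the page collapses runs of spaces. If the message
    # interpolates the (empty) nil value between "Date" and "in", the real
    # literal would contain two spaces there; verify against the repository.
    assert capture_log(fn ->
             assert Utils.date_to_asctime(nil) == expected
           end) =~ "[warning] Date in wrong format, must be ISO 8601"
  end

  test "when date is a random string" do
    assert capture_log(fn ->
             assert Utils.date_to_asctime("foo") == ""
           end) =~ "[warning] Date foo in wrong format, must be ISO 8601"
  end
end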
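describe "get_to_and_cc" do
  # These tests pin the addressing of a draft for each visibility. The
  # addressing decides who receives a post, so the private and direct cases
  # also refute explicitly that the public collection is addressed, instead
  # of leaving that implied by the length assertions.
  test "for public posts, not a reply" do
    user = insert(:user)
    mentioned_user = insert(:user)
    draft = %ActivityDraft{user: user, mentions: [mentioned_user.ap_id], visibility: "public"}

    {to, cc} = Utils.get_to_and_cc(draft)

    assert length(to) == 2
    assert length(cc) == 1

    assert @public_address in to
    assert mentioned_user.ap_id in to
    assert user.follower_address in cc
  end

  test "for public posts, a reply" do
    user = insert(:user)
    mentioned_user = insert(:user)
    third_user = insert(:user)
    {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})

    draft = %ActivityDraft{
      user: user,
      mentions: [mentioned_user.ap_id],
      visibility: "public",
      in_reply_to: activity
    }

    {to, cc} = Utils.get_to_and_cc(draft)

    assert length(to) == 3
    assert length(cc) == 1

    assert @public_address in to
    assert mentioned_user.ap_id in to
    assert third_user.ap_id in to
    assert user.follower_address in cc
  end

  # Unlisted swaps the roles: followers go to `to`, the public address to `cc`.
  test "for unlisted posts, not a reply" do
    user = insert(:user)
    mentioned_user = insert(:user)
    draft = %ActivityDraft{user: user, mentions: [mentioned_user.ap_id], visibility: "unlisted"}

    {to, cc} = Utils.get_to_and_cc(draft)

    assert length(to) == 2
    assert length(cc) == 1

    assert @public_address in cc
    assert mentioned_user.ap_id in to
    assert user.follower_address in to
  end

  test "for unlisted posts, a reply" do
    user = insert(:user)
    mentioned_user = insert(:user)
    third_user = insert(:user)
    {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})

    draft = %ActivityDraft{
      user: user,
      mentions: [mentioned_user.ap_id],
      visibility: "unlisted",
      in_reply_to: activity
    }

    {to, cc} = Utils.get_to_and_cc(draft)

    assert length(to) == 3
    assert length(cc) == 1

    assert @public_address in cc
    assert mentioned_user.ap_id in to
    assert third_user.ap_id in to
    assert user.follower_address in to
  end

  test "for private posts, not a reply" do
    user = insert(:user)
    mentioned_user = insert(:user)
    draft = %ActivityDraft{user: user, mentions: [mentioned_user.ap_id], visibility: "private"}

    {to, cc} = Utils.get_to_and_cc(draft)

    assert length(to) == 2
    assert Enum.empty?(cc)

    assert mentioned_user.ap_id in to
    assert user.follower_address in to
    refute @public_address in to
  end

  test "for private posts, a reply" do
    user = insert(:user)
    mentioned_user = insert(:user)
    third_user = insert(:user)
    {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})

    draft = %ActivityDraft{
      user: user,
      mentions: [mentioned_user.ap_id],
      visibility: "private",
      in_reply_to: activity
    }

    {to, cc} = Utils.get_to_and_cc(draft)

    # The author of the public post being replied to is not added.
    assert length(to) == 2
    assert Enum.empty?(cc)

    assert mentioned_user.ap_id in to
    assert user.follower_address in to
    refute @public_address in to
  end

  test "for direct posts, not a reply" do
    user = insert(:user)
    mentioned_user = insert(:user)
    draft = %ActivityDraft{user: user, mentions: [mentioned_user.ap_id], visibility: "direct"}

    {to, cc} = Utils.get_to_and_cc(draft)

    assert length(to) == 1
    assert Enum.empty?(cc)

    assert mentioned_user.ap_id in to
    refute @public_address in to
  end

  test "for direct posts, a reply" do
    user = insert(:user)
    mentioned_user = insert(:user)
    third_user = insert(:user)
    {:ok, activity} = CommonAPI.post(third_user, %{status: "uguu"})

    draft = %ActivityDraft{
      user: user,
      mentions: [mentioned_user.ap_id],
      visibility: "direct",
      in_reply_to: activity
    }

    {to, cc} = Utils.get_to_and_cc(draft)

    # Replying directly to a non-direct post does not add its author.
    assert length(to) == 1
    assert Enum.empty?(cc)

    assert mentioned_user.ap_id in to
    refute @public_address in to

    {:ok, direct_activity} = CommonAPI.post(third_user, %{status: "uguu", visibility: "direct"})

    draft = %ActivityDraft{
      user: user,
      mentions: [mentioned_user.ap_id],
      visibility: "direct",
      in_reply_to: direct_activity
    }

    {to, cc} = Utils.get_to_and_cc(draft)

    # Replying to a direct post adds its author to the recipients.
    assert length(to) == 2
    assert Enum.empty?(cc)

    assert mentioned_user.ap_id in to
    assert third_user.ap_id in to
    refute @public_address in to
  end
end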
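# The describe label previously read "to_master_date/1"; every test in the
# block calls Utils.to_masto_date/1, so the label now names that function.
describe "to_masto_date/1" do
  test "removes microseconds from date (NaiveDateTime)" do
    assert Utils.to_masto_date(~N[2015-01-23 23:50:07.123]) == "2015-01-23T23:50:07.000Z"
  end

  test "removes microseconds from date (String)" do
    assert Utils.to_masto_date("2015-01-23T23:50:07.123Z") == "2015-01-23T23:50:07.000Z"
  end

  # Unparseable or out-of-range dates are expected to fall back to the Unix
  # epoch rather than raise. Note that the fallback string has no milliseconds
  # part, unlike the successful results above.
  test "returns unix epoch when date invalid" do
    assert Utils.to_masto_date("2015-01?23T23:50:07.123Z") == "1970-01-01T00:00:00Z"
  end

  test "returns unix epoch when date is before the introduction of the Gregorian Calendar" do
    assert Utils.to_masto_date("0621-01-01T00:00:00Z") == "1970-01-01T00:00:00Z"
  end

  test "returns unix epoch when date is BCE" do
    assert Utils.to_masto_date("-0420-01-01T00:00:00Z") == "1970-01-01T00:00:00Z"
  end
end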
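describe "maybe_notify_mentioned_recipients/2" do
  test "returns recipients when activity is not `Create`" do
    activity = insert(:like_activity)
    assert Utils.maybe_notify_mentioned_recipients(["test"], activity) == ["test"]
  end

  test "returns recipients from tag" do
    user = insert(:user)

    # The tag list mixes a Hashtag, a non-map entry ("") and a duplicated
    # Mention. The assertion below expects only Mention hrefs to be appended,
    # each once.
    object =
      insert(:note,
        user: user,
        data: %{
          "tag" => [
            %{"type" => "Hashtag"},
            "",
            %{"type" => "Mention", "href" => "https://testing.pleroma.lol/users/lain"},
            %{"type" => "Mention", "href" => "https://shitposter.club/user/5381"},
            %{"type" => "Mention", "href" => "https://shitposter.club/user/5381"}
          ]
        }
      )

    activity = insert(:note_activity, user: user, note: object)

    assert Utils.maybe_notify_mentioned_recipients(["test"], activity) == [
             "test",
             "https://testing.pleroma.lol/users/lain",
             "https://shitposter.club/user/5381"
           ]
  end

  test "returns recipients when object is map" do
    user = insert(:user)
    object = insert(:note, user: user)

    # Here the activity embeds the object as a map instead of referencing it.
    activity =
      insert(:note_activity,
        user: user,
        note: object,
        data_attrs: %{
          "object" => %{
            "tag" => [
              %{"type" => "Hashtag"},
              "",
              %{"type" => "Mention", "href" => "https://testing.pleroma.lol/users/lain"},
              %{"type" => "Mention", "href" => "https://shitposter.club/user/5381"},
              %{"type" => "Mention", "href" => "https://shitposter.club/user/5381"}
            ]
          }
        }
      )

    # Delete the stored note so the result can only come from the embedded map.
    Pleroma.Repo.delete(object)

    assert Utils.maybe_notify_mentioned_recipients(["test"], activity) == [
             "test",
             "https://testing.pleroma.lol/users/lain",
             "https://shitposter.club/user/5381"
           ]
  end

  test "returns recipients when object not found" do
    user = insert(:user)
    object = insert(:note, user: user)

    activity = insert(:note_activity, user: user, note: object)
    Pleroma.Repo.delete(object)

    obj_url = activity.data["object"]

    # Any HTTP GET for the deleted object answers 404. The mock has no other
    # clause, so a request to a different URL would fail the test.
    Tesla.Mock.mock(fn
      %{method: :get, url: ^obj_url} ->
        %Tesla.Env{status: 404, body: ""}
    end)

    assert Utils.maybe_notify_mentioned_recipients(["test-test"], activity) == [
             "test-test"
           ]
  end
end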
describe " attachments_from_ids/1 " do
test " returns attachments without descs " do
Restrict media usage to owners
In Mastodon media can only be used by owners and only be associated with
a single post. We currently allow media to be associated with several
posts and until now did not limit their usage in posts to media owners.
However, media update and GET lookup was already limited to owners.
(In accordance with allowing media reuse, we also still allow GET
lookups of media already used in a post unlike Mastodon)
Allowing reuse isn’t problematic per se, but allowing use by non-owners
can be problematic if media ids of private-scoped posts can be guessed
since creating a new post with this media id will reveal the uploaded
file content and alt text.
Given media ids are currently just part of a sequential series shared
with some other objects, guessing media ids is, with some persistence,
indeed feasible.
E.g. sampling some public media ids from a real-world
instance with 112 total and 61 monthly-active users:
17.465.096 at t0
17.472.673 at t1 = t0 + 4h
17.473.248 at t2 = t1 + 20min
This gives about 30 new ids per minute of which most won't be
local media but remote and local posts, poll answers etc.
Assuming the default ratelimit of 15 post actions per 10s, scraping all
media for the 4h interval takes about 84 minutes and scraping the 20min
range mere 6.3 minutes. (Until the preceding commit, post updates were
not rate limited at all, allowing even faster scraping.)
If an attacker can infer (e.g. via reply to a follower-only post not
accessible to the attacker) some sensitive information was uploaded
during a specific time interval and has some pointers regarding the
nature of the information, identifying the specific upload out of all
scraped media for this timerange is not impossible.
Thus restrict media usage to owners.
Checking ownership just in ActivityDraft would already be sufficient,
since when a scheduled status actually gets posted it goes through
ActivityDraft again, but would erroneously return a success status
when scheduling an illegal post.
Independently discovered and fixed by mint in Pleroma
https://git.pleroma.social/pleroma/pleroma/-/commit/1afde067b12ad0062c1820091ea9b0a680819281
user = insert ( :user )
object = insert ( :attachment , user : user )
assert Utils . attachments_from_ids ( user , %{ media_ids : [ " #{ object . id } " ] } ) == [ object . data ]
end
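# An id that resolves to a note rather than an uploaded attachment must not be
# usable as media, even when the note belongs to the requesting user.
#
# NOTE(review): none of the tests in this describe block passes a media id
# owned by a *different* user. That is the case the ownership restriction
# exists for: media ids are sequential and guessable, and attaching someone
# else's id would disclose the file and its alt text. A negative test for it
# belongs here unless it is covered elsewhere in the suite.
test "returns [] when passed non-media object ids" do
  user = insert(:user)
  object = insert(:note, user: user)

  assert Utils.attachments_from_ids(user, %{media_ids: ["#{object.id}"]}) == []
end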
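# With no :media_ids key in the params there is nothing to look up, so the
# result is an empty list. The user is still passed because the function
# takes the requesting user as its first argument.
test "returns [] when not pass media_ids" do
  user = insert(:user)
  assert Utils.attachments_from_ids(user, %{}) == []
end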
end
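describe "maybe_add_list_data/3" do
  test "adds list params when found user list" do
    user = insert(:user)
    {:ok, %Pleroma.List{} = list} = Pleroma.List.create("title", user)

    # The list's ap_id is expected in "bcc" and as "listMessage" on both the
    # additional data and the object.
    assert Utils.maybe_add_list_data(%{additional: %{}, object: %{}}, user, {:list, list.id}) ==
             %{
               additional: %{"bcc" => [list.ap_id], "listMessage" => list.ap_id},
               object: %{"listMessage" => list.ap_id}
             }
  end

  test "returns original params when list not found" do
    user = insert(:user)

    # The list exists but was created by a different user. The params must
    # come back untouched, i.e. a user cannot address another user's list by
    # passing its id.
    {:ok, %Pleroma.List{} = list} = Pleroma.List.create("title", insert(:user))

    assert Utils.maybe_add_list_data(%{additional: %{}, object: %{}}, user, {:list, list.id}) ==
             %{additional: %{}, object: %{}}
  end
end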
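describe "maybe_add_attachments/3" do
  # The third argument toggles whether attachment links are appended to the
  # parsed text. The mentions and tags elements of the tuple pass through
  # unchanged in both cases.
  test "returns parsed results when attachment_links is false" do
    assert Utils.maybe_add_attachments(
             {"test", [], ["tags"]},
             [],
             false
           ) == {"test", [], ["tags"]}
  end

  # NOTE(review): the href used here has no characters that need escaping, so
  # this does not show how a hostile href or file name would be rendered in
  # the generated anchor.
  test "adds attachments to parsed results" do
    attachment = %{"url" => [%{"href" => "SakuraPM.png"}]}

    assert Utils.maybe_add_attachments(
             {"test", [], ["tags"]},
             [attachment],
             true
           ) == {
             "test<br><a href=\"SakuraPM.png\" class='attachment'>SakuraPM.png</a>",
             [],
             ["tags"]
           }
  end
end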
end