Add embed controller tests

This commit is contained in:
FloatingGhost 2023-07-17 19:18:21 +01:00
parent 16d2bfef80
commit c63ae73bc0
3 changed files with 63 additions and 7 deletions

View file

@ -11,22 +11,31 @@ defmodule Pleroma.Web.EmbedController do
alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.ActivityPub.Visibility
plug(:put_layout, :embed)
def show(conn, %{"id" => id}) do def show(conn, %{"id" => id}) do
with %Activity{local: true} = activity <- with {:activity, %Activity{} = activity} <-
Activity.get_by_id_with_object(id), {:activity, Activity.get_by_id_with_object(id)},
true <- Visibility.visible_for_user?(activity.object, nil) do {:local, true} <- {:local, activity.local},
{:visible, true} <- {:visible, Visibility.visible_for_user?(activity, nil)} do
{:ok, author} = User.get_or_fetch(activity.object.data["actor"]) {:ok, author} = User.get_or_fetch(activity.object.data["actor"])
conn conn
|> delete_resp_header("x-frame-options") |> delete_resp_header("x-frame-options")
|> delete_resp_header("content-security-policy") |> delete_resp_header("content-security-policy")
|> put_view(Pleroma.Web.EmbedView)
|> render("show.html", |> render("show.html",
activity: activity, activity: activity,
author: User.sanitize_html(author), author: User.sanitize_html(author),
counts: get_counts(activity) counts: get_counts(activity)
) )
else
{:activity, _} ->
render_error(conn, :not_found, "Post not found")
{:local, false} ->
render_error(conn, :unauthorized, "Federated posts cannot be embedded")
{:visible, false} ->
render_error(conn, :unauthorized, "Not authorized to view this post")
end end
end end

View file

@ -15,7 +15,7 @@ defmodule Pleroma.Web.EmbedView do
alias Pleroma.Web.Metadata.Utils alias Pleroma.Web.Metadata.Utils
alias Pleroma.Web.Router.Helpers alias Pleroma.Web.Router.Helpers
use Phoenix.HTML import Phoenix.HTML
defdelegate full_nickname(user), to: User defdelegate full_nickname(user), to: User
@ -55,10 +55,13 @@ defmodule Pleroma.Web.EmbedView do
data["url"] || data["external_url"] || data["id"] data["url"] || data["external_url"] || data["id"]
end end
defp attachments(%Activity{object: %Object{data: %{"attachment" => attachments}}}) do defp attachments(%Activity{object: %Object{data: %{"attachment" => attachments}}})
when is_list(attachments) do
attachments attachments
end end
defp attachments(_), do: []
defp sensitive?(%Activity{object: %Object{data: %{"sensitive" => sensitive}}}) do defp sensitive?(%Activity{object: %Object{data: %{"sensitive" => sensitive}}}) do
sensitive sensitive
end end

View file

@ -0,0 +1,44 @@
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.EmbedControllerTest do
use Pleroma.Web.ConnCase, async: true
import Pleroma.Factory
test "/embed", %{conn: conn} do
activity = insert(:note_activity)
resp =
conn
|> get("/embed/#{activity.id}")
|> response(200)
object = Pleroma.Object.get_by_ap_id(activity.data["object"])
assert String.contains?(resp, object.data["content"])
end
test "/embed with a restricted post", %{conn: conn} do
activity = insert(:note_activity)
clear_config([:restrict_unauthenticated, :activities, :local], true)
conn
|> get("/embed/#{activity.id}")
|> response(401)
end
test "/embed with a private post", %{conn: conn} do
user = insert(:user)
{:ok, activity} =
Pleroma.Web.CommonAPI.post(user, %{
status: "Mega ultra chicken status: #fried",
visibility: "private"
})
conn
|> get("/embed/#{activity.id}")
|> response(401)
end
end