05f8179d08
previously we would uncritically take data and format it into tags for static-fe and the like - however, instances can be configured to disallow unauthenticated access to these resources. this means that OG tags are a vector for information leakage. _technically_ this should only occur if you have both restrict_unauthenticated *AND* you run static-fe, which makes no sense since static-fe is for unauthenticated people in particular, but hey ho.
# Pleroma: A lightweight social networking server
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
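defmodule Pleroma.Web.Metadata.Providers.OpenGraphTest do
  # Tests for the OpenGraph metadata provider: which meta tags
  # OpenGraph.build_tags/1 emits for posts and profiles, including the cases
  # where instance settings say unauthenticated viewers must not see the data.
  #
  # async: false is kept as the author set it. Every test goes through
  # clear_config, which presumably changes instance-wide configuration;
  # confirm before switching this module to async.
  use Pleroma.DataCase, async: false
  import Pleroma.Factory
  alias Pleroma.Web.Metadata.Providers.OpenGraph

  setup do: clear_config([Pleroma.Web.Metadata, :unfurl_nsfw])
  setup do: clear_config([Pleroma.Upload, :uploader], Pleroma.Uploaders.Local)
  setup do: clear_config([:restrict_unauthenticated, :profiles, :local])
  setup do: clear_config([:restrict_unauthenticated, :activities, :local])

  test "it renders all supported types of attachments and skips unknown types" do
    user = insert(:user)

    note =
      insert(:note, %{
        data: %{
          "actor" => user.ap_id,
          "tag" => [],
          "id" => "https://pleroma.gov/objects/whatever",
          "content" => "pleroma in a nutshell",
          "attachment" => [
            %{
              "url" => [
                %{
                  "mediaType" => "image/png",
                  "href" => "https://pleroma.gov/tenshi.png",
                  "height" => 1024,
                  "width" => 1280
                }
              ]
            },
            %{
              "url" => [
                %{
                  "mediaType" => "application/octet-stream",
                  "href" => "https://pleroma.gov/fqa/badapple.sfc"
                }
              ]
            },
            %{
              "url" => [
                %{
                  "mediaType" => "video/webm",
                  "href" => "https://pleroma.gov/about/juche.webm",
                  "height" => 600,
                  "width" => 800
                }
              ]
            },
            %{
              "url" => [
                %{
                  "mediaType" => "audio/basic",
                  "href" => "http://www.gnu.org/music/free-software-song.au"
                }
              ]
            }
          ]
        }
      })

    result = OpenGraph.build_tags(%{object: note, url: note.data["id"], user: user})

    expected_tags = [
      {:meta, [property: "og:image", content: "https://pleroma.gov/tenshi.png"], []},
      {:meta, [property: "og:image:width", content: "1280"], []},
      {:meta, [property: "og:image:height", content: "1024"], []},
      {:meta,
       [property: "og:audio", content: "http://www.gnu.org/music/free-software-song.au"],
       []},
      {:meta, [property: "og:video", content: "https://pleroma.gov/about/juche.webm"],
       []},
      {:meta, [property: "og:video:width", content: "800"], []},
      {:meta, [property: "og:video:height", content: "600"], []}
    ]

    # One assertion per tag, so a failure names the tag that is missing.
    for tag <- expected_tags do
      assert tag in result
    end

    # The test name promises that unknown types are skipped, so check it: the
    # application/octet-stream attachment must not appear in any tag.
    refute "https://pleroma.gov/fqa/badapple.sfc" in tag_contents(result)
  end

  test "it does not render attachments if post is nsfw" do
    clear_config([Pleroma.Web.Metadata, :unfurl_nsfw], false)
    user = insert(:user, avatar: %{"url" => [%{"href" => "https://pleroma.gov/tenshi.png"}]})

    note =
      insert(:note, %{
        data: %{
          "actor" => user.ap_id,
          "id" => "https://pleroma.gov/objects/whatever",
          "content" => "#cuteposting #nsfw #hambaga",
          "tag" => ["cuteposting", "nsfw", "hambaga"],
          "sensitive" => true,
          "attachment" => [
            %{
              "url" => [
                %{"mediaType" => "image/png", "href" => "https://misskey.microsoft/corndog.png"}
              ]
            }
          ]
        }
      })

    result = OpenGraph.build_tags(%{object: note, url: note.data["id"], user: user})

    # The og:image that remains is the avatar URL given to the user above,
    # not the attachment of the sensitive post.
    assert {:meta, [property: "og:image", content: "https://pleroma.gov/tenshi.png"], []} in result

    refute {:meta, [property: "og:image", content: "https://misskey.microsoft/corndog.png"], []} in result
  end

  test "video attachments have image thumbnail with WxH metadata with Preview Proxy enabled" do
    clear_config([:media_proxy, :enabled], true)
    clear_config([:media_preview_proxy, :enabled], true)
    user = insert(:user)

    note =
      insert(:note, %{
        data: %{
          "actor" => user.ap_id,
          "id" => "https://pleroma.gov/objects/whatever",
          "content" => "test video post",
          "sensitive" => false,
          "attachment" => [
            %{
              "url" => [
                %{
                  "mediaType" => "video/webm",
                  "href" => "https://pleroma.gov/about/juche.webm",
                  "height" => 600,
                  "width" => 800
                }
              ]
            }
          ]
        }
      })

    result = OpenGraph.build_tags(%{object: note, url: note.data["id"], user: user})

    assert {:meta, [property: "og:image:width", content: "800"], []} in result
    assert {:meta, [property: "og:image:height", content: "600"], []} in result

    # The thumbnail is expected to be served through the preview proxy path.
    assert {:meta,
            [
              property: "og:image",
              content:
                "http://localhost:4001/proxy/preview/LzAnlke-l5oZbNzWsrHfprX1rGw/aHR0cHM6Ly9wbGVyb21hLmdvdi9hYm91dC9qdWNoZS53ZWJt/juche.webm"
            ], []} in result
  end

  test "video attachments have no image thumbnail with Preview Proxy disabled" do
    clear_config([:media_proxy, :enabled], true)
    clear_config([:media_preview_proxy, :enabled], false)
    user = insert(:user)

    note =
      insert(:note, %{
        data: %{
          "actor" => user.ap_id,
          "id" => "https://pleroma.gov/objects/whatever",
          "content" => "test video post",
          "sensitive" => false,
          "attachment" => [
            %{
              "url" => [
                %{
                  "mediaType" => "video/webm",
                  "href" => "https://pleroma.gov/about/juche.webm",
                  "height" => 600,
                  "width" => 800
                }
              ]
            }
          ]
        }
      })

    result = OpenGraph.build_tags(%{object: note, url: note.data["id"], user: user})

    refute {:meta, [property: "og:image:width", content: "800"], []} in result
    refute {:meta, [property: "og:image:height", content: "600"], []} in result

    refute {:meta,
            [
              property: "og:image",
              content:
                "http://localhost:4001/proxy/preview/LzAnlke-l5oZbNzWsrHfprX1rGw/aHR0cHM6Ly9wbGVyb21hLmdvdi9hYm91dC9qdWNoZS53ZWJt/juche.webm"
            ], []} in result
  end

  test "it does not render users if profiles are marked as restricted" do
    clear_config([:restrict_unauthenticated, :profiles, :local], true)

    user = insert(:user)

    # A restricted profile must produce no tags at all.
    result = OpenGraph.build_tags(%{user: user})
    assert Enum.empty?(result)
  end

  test "it does not render activities if they are marked as restricted" do
    clear_config([:restrict_unauthenticated, :activities, :local], true)

    # Known post text, so the test can check that it is absent from the output.
    secret = "restricted post body"

    user = insert(:user)
    note = insert(:note, data: %{"actor" => user.ap_id, "content" => secret})

    result = OpenGraph.build_tags(%{object: note, url: note.data["id"], user: user})

    assert {:meta, [property: "og:description", content: "Content cannot be displayed."], []} in result

    # The placeholder alone does not prove the post text is withheld; it must
    # not appear in any other tag either.
    refute Enum.any?(tag_contents(result), &(is_binary(&1) and &1 =~ secret))
  end

  # Returns the content: value of every {:meta, attrs, children} tuple in
  # tags; entries of any other shape are skipped. Assumes attrs is a keyword
  # list, as in every tag asserted in this module.
  defp tag_contents(tags) do
    for {:meta, attrs, _children} <- tags, do: Keyword.get(attrs, :content)
  end
end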