defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do use Pleroma.DataCase alias Pleroma.Web.ActivityPub.Transmogrifier alias Pleroma.Web.ActivityPub.Utils alias Pleroma.Web.ActivityPub.ActivityPub alias Pleroma.Web.OStatus alias Pleroma.Activity alias Pleroma.User alias Pleroma.Repo alias Pleroma.Web.Websub.WebsubClientSubscription import Pleroma.Factory alias Pleroma.Web.CommonAPI import Tesla.Mock setup do mock(fn env -> apply(HttpRequestMock, :request, [env]) end) :ok end describe "handle_incoming" do test "it ignores an incoming notice if we already have it" do activity = insert(:note_activity) data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() |> Map.put("object", activity.data["object"]) {:ok, returned_activity} = Transmogrifier.handle_incoming(data) assert activity == returned_activity end test "it fetches replied-to activities if we don't have them" do data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() object = data["object"] |> Map.put("inReplyTo", "https://shitposter.club/notice/2827873") data = data |> Map.put("object", object) {:ok, returned_activity} = Transmogrifier.handle_incoming(data) assert activity = Activity.get_create_activity_by_object_ap_id( "tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment" ) assert returned_activity.data["object"]["inReplyToAtomUri"] == "https://shitposter.club/notice/2827873" assert returned_activity.data["object"]["inReplyToStatusId"] == activity.id end test "it works for incoming notices" do data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["id"] == "http://mastodon.example.org/users/admin/statuses/99512778738411822/activity" assert data["context"] == "tag:mastodon.example.org,2018-02-12:objectId=20:objectType=Conversation" assert data["to"] == ["https://www.w3.org/ns/activitystreams#Public"] assert data["cc"] == [ "http://mastodon.example.org/users/admin/followers", "http://localtesting.pleroma.lol/users/lain" ] assert data["actor"] == "http://mastodon.example.org/users/admin" object = data["object"] assert object["id"] == "http://mastodon.example.org/users/admin/statuses/99512778738411822" assert object["to"] == ["https://www.w3.org/ns/activitystreams#Public"] assert object["cc"] == [ "http://mastodon.example.org/users/admin/followers", "http://localtesting.pleroma.lol/users/lain" ] assert object["actor"] == "http://mastodon.example.org/users/admin" assert object["attributedTo"] == "http://mastodon.example.org/users/admin" assert object["context"] == "tag:mastodon.example.org,2018-02-12:objectId=20:objectType=Conversation" assert object["sensitive"] == true user = User.get_by_ap_id(object["actor"]) assert user.info.note_count == 1 end test "it works for incoming notices with hashtags" do data = File.read!("test/fixtures/mastodon-post-activity-hashtag.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert Enum.at(data["object"]["tag"], 2) == "moo" end test "it works for incoming notices with contentMap" do data = File.read!("test/fixtures/mastodon-post-activity-contentmap.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["object"]["content"] == "

@lain

" end test "it works for incoming notices with to/cc not being an array (kroeg)" do data = File.read!("test/fixtures/kroeg-post-activity.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["object"]["content"] == "

henlo from my Psion netBook

message sent from my Psion netBook

" end test "it works for incoming announces with actor being inlined (kroeg)" do data = File.read!("test/fixtures/kroeg-announce-with-inline-actor.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["actor"] == "https://puckipedia.com/" end test "it works for incoming notices with tag not being an array (kroeg)" do data = File.read!("test/fixtures/kroeg-array-less-emoji.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["object"]["emoji"] == %{ "icon_e_smile" => "https://puckipedia.com/forum/images/smilies/icon_e_smile.png" } data = File.read!("test/fixtures/kroeg-array-less-hashtag.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert "test" in data["object"]["tag"] end test "it works for incoming notices with url not being a string (prismo)" do data = File.read!("test/fixtures/prismo-url-map.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["object"]["url"] == "https://prismo.news/posts/83" end test "it works for incoming follow requests" do user = insert(:user) data = File.read!("test/fixtures/mastodon-follow-activity.json") |> Poison.decode!() |> Map.put("object", user.ap_id) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["actor"] == "http://mastodon.example.org/users/admin" assert data["type"] == "Follow" assert data["id"] == "http://mastodon.example.org/users/admin#follows/2" assert User.following?(User.get_by_ap_id(data["actor"]), user) end test "it works for incoming follow requests from hubzilla" do user = insert(:user) data = File.read!("test/fixtures/hubzilla-follow-activity.json") |> Poison.decode!() |> Map.put("object", user.ap_id) |> Utils.normalize_params() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["actor"] == "https://hubzilla.example.org/channel/kaniini" assert data["type"] == "Follow" assert data["id"] == "https://hubzilla.example.org/channel/kaniini#follows/2" assert User.following?(User.get_by_ap_id(data["actor"]), user) end test "it works for incoming likes" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hello"}) data = File.read!("test/fixtures/mastodon-like.json") |> Poison.decode!() |> Map.put("object", activity.data["object"]["id"]) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["actor"] == "http://mastodon.example.org/users/admin" assert data["type"] == "Like" assert data["id"] == "http://mastodon.example.org/users/admin#likes/2" assert data["object"] == activity.data["object"]["id"] end test "it returns an error for incoming unlikes wihout a like activity" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "leave a like pls"}) data = File.read!("test/fixtures/mastodon-undo-like.json") |> Poison.decode!() |> Map.put("object", activity.data["object"]["id"]) assert Transmogrifier.handle_incoming(data) == :error end test "it works for incoming unlikes with an existing like activity" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "leave a like pls"}) like_data = File.read!("test/fixtures/mastodon-like.json") |> Poison.decode!() |> Map.put("object", activity.data["object"]["id"]) {:ok, %Activity{data: like_data, local: false}} = Transmogrifier.handle_incoming(like_data) data = File.read!("test/fixtures/mastodon-undo-like.json") |> Poison.decode!() |> Map.put("object", like_data) |> Map.put("actor", like_data["actor"]) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["actor"] == "http://mastodon.example.org/users/admin" assert data["type"] == "Undo" assert data["id"] == "http://mastodon.example.org/users/admin#likes/2/undo" assert data["object"]["id"] == "http://mastodon.example.org/users/admin#likes/2" end test "it works for incoming announces" do data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["actor"] == "http://mastodon.example.org/users/admin" assert data["type"] == "Announce" assert data["id"] == "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity" assert data["object"] == "http://mastodon.example.org/users/admin/statuses/99541947525187367" assert Activity.get_create_activity_by_object_ap_id(data["object"]) end test "it works for incoming announces with an existing activity" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!() |> Map.put("object", activity.data["object"]["id"]) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["actor"] == "http://mastodon.example.org/users/admin" assert data["type"] == "Announce" assert data["id"] == "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity" assert data["object"] == activity.data["object"]["id"] assert Activity.get_create_activity_by_object_ap_id(data["object"]).id == activity.id end test "it works for incoming update activities" do data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) update_data = File.read!("test/fixtures/mastodon-update.json") |> Poison.decode!() object = update_data["object"] |> Map.put("actor", data["actor"]) |> Map.put("id", data["actor"]) update_data = update_data |> Map.put("actor", data["actor"]) |> Map.put("object", object) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(update_data) user = User.get_cached_by_ap_id(data["actor"]) assert user.name == "gargle" assert user.avatar["url"] == [ %{ "href" => "https://cd.niu.moe/accounts/avatars/000/033/323/original/fd7f8ae0b3ffedc9.jpeg" } ] assert user.info.banner["url"] == [ %{ "href" => "https://cd.niu.moe/accounts/headers/000/033/323/original/850b3448fa5fd477.png" } ] assert user.bio == "

Some bio

" end test "it works for incoming update activities which lock the account" do data = File.read!("test/fixtures/mastodon-post-activity.json") |> Poison.decode!() {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) update_data = File.read!("test/fixtures/mastodon-update.json") |> Poison.decode!() object = update_data["object"] |> Map.put("actor", data["actor"]) |> Map.put("id", data["actor"]) |> Map.put("manuallyApprovesFollowers", true) update_data = update_data |> Map.put("actor", data["actor"]) |> Map.put("object", object) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(update_data) user = User.get_cached_by_ap_id(data["actor"]) assert user.info.locked == true end test "it works for incoming deletes" do activity = insert(:note_activity) data = File.read!("test/fixtures/mastodon-delete.json") |> Poison.decode!() object = data["object"] |> Map.put("id", activity.data["object"]["id"]) data = data |> Map.put("object", object) |> Map.put("actor", activity.data["actor"]) {:ok, %Activity{local: false}} = Transmogrifier.handle_incoming(data) refute Repo.get(Activity, activity.id) end test "it fails for incoming deletes with spoofed origin" do activity = insert(:note_activity) data = File.read!("test/fixtures/mastodon-delete.json") |> Poison.decode!() object = data["object"] |> Map.put("id", activity.data["object"]["id"]) data = data |> Map.put("object", object) :error = Transmogrifier.handle_incoming(data) assert Repo.get(Activity, activity.id) end test "it works for incoming unannounces with an existing notice" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) announce_data = File.read!("test/fixtures/mastodon-announce.json") |> Poison.decode!() |> Map.put("object", activity.data["object"]["id"]) {:ok, %Activity{data: announce_data, local: false}} = Transmogrifier.handle_incoming(announce_data) data = File.read!("test/fixtures/mastodon-undo-announce.json") |> Poison.decode!() |> Map.put("object", announce_data) |> Map.put("actor", announce_data["actor"]) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["type"] == "Undo" assert data["object"]["type"] == "Announce" assert data["object"]["object"] == activity.data["object"]["id"] assert data["object"]["id"] == "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity" end test "it works for incomming unfollows with an existing follow" do user = insert(:user) follow_data = File.read!("test/fixtures/mastodon-follow-activity.json") |> Poison.decode!() |> Map.put("object", user.ap_id) {:ok, %Activity{data: _, local: false}} = Transmogrifier.handle_incoming(follow_data) data = File.read!("test/fixtures/mastodon-unfollow-activity.json") |> Poison.decode!() |> Map.put("object", follow_data) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["type"] == "Undo" assert data["object"]["type"] == "Follow" assert data["object"]["object"] == user.ap_id assert data["actor"] == "http://mastodon.example.org/users/admin" refute User.following?(User.get_by_ap_id(data["actor"]), user) end test "it works for incoming blocks" do user = insert(:user) data = File.read!("test/fixtures/mastodon-block-activity.json") |> Poison.decode!() |> Map.put("object", user.ap_id) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["type"] == "Block" assert data["object"] == user.ap_id assert data["actor"] == "http://mastodon.example.org/users/admin" blocker = User.get_by_ap_id(data["actor"]) assert User.blocks?(blocker, user) end test "incoming blocks successfully tear down any follow relationship" do blocker = insert(:user) blocked = insert(:user) data = File.read!("test/fixtures/mastodon-block-activity.json") |> Poison.decode!() |> Map.put("object", blocked.ap_id) |> Map.put("actor", blocker.ap_id) {:ok, blocker} = User.follow(blocker, blocked) {:ok, blocked} = User.follow(blocked, blocker) assert User.following?(blocker, blocked) assert User.following?(blocked, blocker) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["type"] == "Block" assert data["object"] == blocked.ap_id assert data["actor"] == blocker.ap_id blocker = User.get_by_ap_id(data["actor"]) blocked = User.get_by_ap_id(data["object"]) assert User.blocks?(blocker, blocked) refute User.following?(blocker, blocked) refute User.following?(blocked, blocker) end test "it works for incoming unblocks with an existing block" do user = insert(:user) block_data = File.read!("test/fixtures/mastodon-block-activity.json") |> Poison.decode!() |> Map.put("object", user.ap_id) {:ok, %Activity{data: _, local: false}} = Transmogrifier.handle_incoming(block_data) data = File.read!("test/fixtures/mastodon-unblock-activity.json") |> Poison.decode!() |> Map.put("object", block_data) {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(data) assert data["type"] == "Undo" assert data["object"]["type"] == "Block" assert data["object"]["object"] == user.ap_id assert data["actor"] == "http://mastodon.example.org/users/admin" blocker = User.get_by_ap_id(data["actor"]) refute User.blocks?(blocker, user) end test "it works for incoming accepts which were pre-accepted" do follower = insert(:user) followed = insert(:user) {:ok, follower} = User.follow(follower, followed) assert User.following?(follower, followed) == true {:ok, follow_activity} = ActivityPub.follow(follower, followed) accept_data = File.read!("test/fixtures/mastodon-accept-activity.json") |> Poison.decode!() |> Map.put("actor", followed.ap_id) object = accept_data["object"] |> Map.put("actor", follower.ap_id) |> Map.put("id", follow_activity.data["id"]) accept_data = Map.put(accept_data, "object", object) {:ok, activity} = Transmogrifier.handle_incoming(accept_data) refute activity.local assert activity.data["object"] == follow_activity.data["id"] follower = Repo.get(User, follower.id) assert User.following?(follower, followed) == true end test "it works for incoming accepts which were orphaned" do follower = insert(:user) followed = insert(:user, %{info: %User.Info{locked: true}}) {:ok, follow_activity} = ActivityPub.follow(follower, followed) accept_data = File.read!("test/fixtures/mastodon-accept-activity.json") |> Poison.decode!() |> Map.put("actor", followed.ap_id) accept_data = Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id)) {:ok, activity} = Transmogrifier.handle_incoming(accept_data) assert activity.data["object"] == follow_activity.data["id"] follower = Repo.get(User, follower.id) assert User.following?(follower, followed) == true end test "it works for incoming accepts which are referenced by IRI only" do follower = insert(:user) followed = insert(:user, %{info: %User.Info{locked: true}}) {:ok, follow_activity} = ActivityPub.follow(follower, followed) accept_data = File.read!("test/fixtures/mastodon-accept-activity.json") |> Poison.decode!() |> Map.put("actor", followed.ap_id) |> Map.put("object", follow_activity.data["id"]) {:ok, activity} = Transmogrifier.handle_incoming(accept_data) assert activity.data["object"] == follow_activity.data["id"] follower = Repo.get(User, follower.id) assert User.following?(follower, followed) == true end test "it fails for incoming accepts which cannot be correlated" do follower = insert(:user) followed = insert(:user, %{info: %User.Info{locked: true}}) accept_data = File.read!("test/fixtures/mastodon-accept-activity.json") |> Poison.decode!() |> Map.put("actor", followed.ap_id) accept_data = Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id)) :error = Transmogrifier.handle_incoming(accept_data) follower = Repo.get(User, follower.id) refute User.following?(follower, followed) == true end test "it fails for incoming rejects which cannot be correlated" do follower = insert(:user) followed = insert(:user, %{info: %User.Info{locked: true}}) accept_data = File.read!("test/fixtures/mastodon-reject-activity.json") |> Poison.decode!() |> Map.put("actor", followed.ap_id) accept_data = Map.put(accept_data, "object", Map.put(accept_data["object"], "actor", follower.ap_id)) :error = Transmogrifier.handle_incoming(accept_data) follower = Repo.get(User, follower.id) refute User.following?(follower, followed) == true end test "it works for incoming rejects which are orphaned" do follower = insert(:user) followed = insert(:user, %{info: %User.Info{locked: true}}) {:ok, follower} = User.follow(follower, followed) {:ok, _follow_activity} = ActivityPub.follow(follower, followed) assert User.following?(follower, followed) == true reject_data = File.read!("test/fixtures/mastodon-reject-activity.json") |> Poison.decode!() |> Map.put("actor", followed.ap_id) reject_data = Map.put(reject_data, "object", Map.put(reject_data["object"], "actor", follower.ap_id)) {:ok, activity} = Transmogrifier.handle_incoming(reject_data) refute activity.local follower = Repo.get(User, follower.id) assert User.following?(follower, followed) == false end test "it works for incoming rejects which are referenced by IRI only" do follower = insert(:user) followed = insert(:user, %{info: %User.Info{locked: true}}) {:ok, follower} = User.follow(follower, followed) {:ok, follow_activity} = ActivityPub.follow(follower, followed) assert User.following?(follower, followed) == true reject_data = File.read!("test/fixtures/mastodon-reject-activity.json") |> Poison.decode!() |> Map.put("actor", followed.ap_id) |> Map.put("object", follow_activity.data["id"]) {:ok, %Activity{data: _}} = Transmogrifier.handle_incoming(reject_data) follower = Repo.get(User, follower.id) assert User.following?(follower, followed) == false end test "it rejects activities without a valid ID" do user = insert(:user) data = File.read!("test/fixtures/mastodon-follow-activity.json") |> Poison.decode!() |> Map.put("object", user.ap_id) |> Map.put("id", "") :error = Transmogrifier.handle_incoming(data) end end describe "prepare outgoing" do test "it turns mentions into tags" do user = insert(:user) other_user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey, @#{other_user.nickname}, how are ya? #2hu"}) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) object = modified["object"] expected_mention = %{ "href" => other_user.ap_id, "name" => "@#{other_user.nickname}", "type" => "Mention" } expected_tag = %{ "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu", "type" => "Hashtag", "name" => "#2hu" } assert Enum.member?(object["tag"], expected_tag) assert Enum.member?(object["tag"], expected_mention) end test "it adds the sensitive property" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "#nsfw hey"}) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert modified["object"]["sensitive"] end test "it adds the json-ld context and the conversation property" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert modified["@context"] == Pleroma.Web.ActivityPub.Utils.make_json_ld_header()["@context"] assert modified["object"]["conversation"] == modified["context"] end test "it sets the 'attributedTo' property to the actor of the object if it doesn't have one" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"}) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert modified["object"]["actor"] == modified["object"]["attributedTo"] end test "it translates ostatus IDs to external URLs" do incoming = File.read!("test/fixtures/incoming_note_activity.xml") {:ok, [referent_activity]} = OStatus.handle_incoming(incoming) user = insert(:user) {:ok, activity, _} = CommonAPI.favorite(referent_activity.id, user) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert modified["object"] == "http://gs.example.org:4040/index.php/notice/29" end test "it translates ostatus reply_to IDs to external URLs" do incoming = File.read!("test/fixtures/incoming_note_activity.xml") {:ok, [referred_activity]} = OStatus.handle_incoming(incoming) user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "HI!", "in_reply_to_status_id" => referred_activity.id}) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert modified["object"]["inReplyTo"] == "http://gs.example.org:4040/index.php/notice/29" end test "it strips internal hashtag data" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu"}) expected_tag = %{ "href" => Pleroma.Web.Endpoint.url() <> "/tags/2hu", "type" => "Hashtag", "name" => "#2hu" } {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert modified["object"]["tag"] == [expected_tag] end test "it strips internal fields" do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "#2hu :moominmamma:"}) {:ok, modified} = Transmogrifier.prepare_outgoing(activity.data) assert length(modified["object"]["tag"]) == 2 assert is_nil(modified["object"]["emoji"]) assert is_nil(modified["object"]["likes"]) assert is_nil(modified["object"]["like_count"]) assert is_nil(modified["object"]["announcements"]) assert is_nil(modified["object"]["announcement_count"]) assert is_nil(modified["object"]["context_id"]) end end describe "user upgrade" do test "it upgrades a user to activitypub" do user = insert(:user, %{ nickname: "rye@niu.moe", local: false, ap_id: "https://niu.moe/users/rye", follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"}) }) user_two = insert(:user, %{following: [user.follower_address]}) {:ok, activity} = CommonAPI.post(user, %{"status" => "test"}) {:ok, unrelated_activity} = CommonAPI.post(user_two, %{"status" => "test"}) assert "http://localhost:4001/users/rye@niu.moe/followers" in activity.recipients user = Repo.get(User, user.id) assert user.info.note_count == 1 {:ok, user} = Transmogrifier.upgrade_user_from_ap_id("https://niu.moe/users/rye") assert user.info.ap_enabled assert user.info.note_count == 1 assert user.follower_address == "https://niu.moe/users/rye/followers" # Wait for the background task :timer.sleep(1000) user = Repo.get(User, user.id) assert user.info.note_count == 1 activity = Repo.get(Activity, activity.id) assert user.follower_address in activity.recipients assert %{ "url" => [ %{ "href" => "https://cdn.niu.moe/accounts/avatars/000/033/323/original/fd7f8ae0b3ffedc9.jpeg" } ] } = user.avatar assert %{ "url" => [ %{ "href" => "https://cdn.niu.moe/accounts/headers/000/033/323/original/850b3448fa5fd477.png" } ] } = user.info.banner refute "..." in activity.recipients unrelated_activity = Repo.get(Activity, unrelated_activity.id) refute user.follower_address in unrelated_activity.recipients user_two = Repo.get(User, user_two.id) assert user.follower_address in user_two.following refute "..." in user_two.following end end describe "maybe_retire_websub" do test "it deletes all websub client subscripitions with the user as topic" do subscription = %WebsubClientSubscription{topic: "https://niu.moe/users/rye.atom"} {:ok, ws} = Repo.insert(subscription) subscription = %WebsubClientSubscription{topic: "https://niu.moe/users/pasty.atom"} {:ok, ws2} = Repo.insert(subscription) Transmogrifier.maybe_retire_websub("https://niu.moe/users/rye") refute Repo.get(WebsubClientSubscription, ws.id) assert Repo.get(WebsubClientSubscription, ws2.id) end end describe "actor rewriting" do test "it fixes the actor URL property to be a proper URI" do data = %{ "url" => %{"href" => "http://example.com"} } rewritten = Transmogrifier.maybe_fix_user_object(data) assert rewritten["url"] == "http://example.com" end end describe "actor origin containment" do test "it rejects objects with a bogus origin" do {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity.json") end test "it rejects activities which reference objects with bogus origins" do data = %{ "@context" => "https://www.w3.org/ns/activitystreams", "id" => "http://mastodon.example.org/users/admin/activities/1234", "actor" => "http://mastodon.example.org/users/admin", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "object" => "https://info.pleroma.site/activity.json", "type" => "Announce" } :error = Transmogrifier.handle_incoming(data) end test "it rejects objects when attributedTo is wrong (variant 1)" do {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json") end test "it rejects activities which reference objects that have an incorrect attribution (variant 1)" do data = %{ "@context" => "https://www.w3.org/ns/activitystreams", "id" => "http://mastodon.example.org/users/admin/activities/1234", "actor" => "http://mastodon.example.org/users/admin", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "object" => "https://info.pleroma.site/activity2.json", "type" => "Announce" } :error = Transmogrifier.handle_incoming(data) end test "it rejects objects when attributedTo is wrong (variant 2)" do {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity3.json") end test "it rejects activities which reference objects that have an incorrect attribution (variant 2)" do data = %{ "@context" => "https://www.w3.org/ns/activitystreams", "id" => "http://mastodon.example.org/users/admin/activities/1234", "actor" => "http://mastodon.example.org/users/admin", "to" => ["https://www.w3.org/ns/activitystreams#Public"], "object" => "https://info.pleroma.site/activity3.json", "type" => "Announce" } :error = Transmogrifier.handle_incoming(data) end end describe "general origin containment" do test "contain_origin_from_id() catches obvious spoofing attempts" do data = %{ "id" => "http://example.com/~alyssa/activities/1234.json" } :error = Transmogrifier.contain_origin_from_id( "http://example.org/~alyssa/activities/1234.json", data ) end test "contain_origin_from_id() allows alternate IDs within the same origin domain" do data = %{ "id" => "http://example.com/~alyssa/activities/1234.json" } :ok = Transmogrifier.contain_origin_from_id( "http://example.com/~alyssa/activities/1234", data ) end test "contain_origin_from_id() allows matching IDs" do data = %{ "id" => "http://example.com/~alyssa/activities/1234.json" } :ok = Transmogrifier.contain_origin_from_id( "http://example.com/~alyssa/activities/1234.json", data ) end test "users cannot be collided through fake direction spoofing attempts" do user = insert(:user, %{ nickname: "rye@niu.moe", local: false, ap_id: "https://niu.moe/users/rye", follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"}) }) {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye") end test "all objects with fake directions are rejected by the object fetcher" do {:error, _} = ActivityPub.fetch_and_contain_remote_object_from_id( "https://info.pleroma.site/activity4.json" ) end end end