-
-
icon-cancel0xe800
-
icon-upload0xe801
-
icon-star0xe802
-
icon-star-empty0xe803
-
-
-
icon-retweet0xe804
-
icon-eye-off0xe805
-
icon-search0xe806
-
icon-cog0xe807
-
-
-
icon-logout0xe808
-
icon-down-open0xe809
-
icon-attach0xe80a
-
icon-picture0xe80b
-
-
-
icon-video0xe80c
-
icon-right-open0xe80d
-
icon-left-open0xe80e
-
icon-up-open0xe80f
-
-
-
icon-bell-ringing-o0xe810
-
icon-lock0xe811
-
icon-globe0xe812
-
icon-brush0xe813
-
-
-
icon-attention0xe814
-
icon-plus0xe815
-
icon-adjust0xe816
-
icon-edit0xe817
-
-
-
icon-pencil0xe818
-
icon-pin0xe819
-
icon-wrench0xe81a
-
icon-chart-bar0xe81b
-
-
-
icon-zoom-in0xe81c
-
icon-spin30xe832
-
icon-spin40xe834
-
icon-link-ext0xf08e
-
-
-
icon-link-ext-alt0xf08f
-
icon-menu0xf0c9
-
icon-mail-alt0xf0e0
-
icon-gauge0xf0e4
-
-
-
icon-comment-empty0xf0e5
-
icon-bell-alt0xf0f3
-
icon-plus-squared0xf0fe
-
icon-reply0xf112
-
-
-
icon-smile0xf118
-
icon-lock-open-alt0xf13e
-
icon-ellipsis0xf141
-
icon-play-circled0xf144
-
-
-
icon-thumbs-up-alt0xf164
-
icon-binoculars0xf1e5
-
icon-user-plus0xf234
-
-
-
-
-
\ No newline at end of file
diff --git a/priv/static/static/font/font/fontello.woff2 b/priv/static/static/font/font/fontello.woff2
deleted file mode 100755
index 078991eb8..000000000
Binary files a/priv/static/static/font/font/fontello.woff2 and /dev/null differ
diff --git a/priv/static/static/font/font/fontello.eot b/priv/static/static/font/fontello.1576166651574.eot
old mode 100755
new mode 100644
similarity index 98%
rename from priv/static/static/font/font/fontello.eot
rename to priv/static/static/font/fontello.1576166651574.eot
index 1703fd97f..fb27d4037
Binary files a/priv/static/static/font/font/fontello.eot and b/priv/static/static/font/fontello.1576166651574.eot differ
diff --git a/priv/static/static/font/font/fontello.svg b/priv/static/static/font/fontello.1576166651574.svg
similarity index 100%
rename from priv/static/static/font/font/fontello.svg
rename to priv/static/static/font/fontello.1576166651574.svg
diff --git a/priv/static/static/font/font/fontello.ttf b/priv/static/static/font/fontello.1576166651574.ttf
old mode 100755
new mode 100644
similarity index 99%
rename from priv/static/static/font/font/fontello.ttf
rename to priv/static/static/font/fontello.1576166651574.ttf
index e9ed78031..c49743ec6
Binary files a/priv/static/static/font/font/fontello.ttf and b/priv/static/static/font/fontello.1576166651574.ttf differ
diff --git a/priv/static/static/font/font/fontello.woff b/priv/static/static/font/fontello.1576166651574.woff
old mode 100755
new mode 100644
similarity index 98%
rename from priv/static/static/font/font/fontello.woff
rename to priv/static/static/font/fontello.1576166651574.woff
index 1d5025d3c..bbffd6413
Binary files a/priv/static/static/font/font/fontello.woff and b/priv/static/static/font/fontello.1576166651574.woff differ
diff --git a/priv/static/static/font/fontello.1576166651574.woff2 b/priv/static/static/font/fontello.1576166651574.woff2
new file mode 100644
index 000000000..d35dce862
Binary files /dev/null and b/priv/static/static/font/fontello.1576166651574.woff2 differ
diff --git a/priv/static/static/fontello.1576166651574.css b/priv/static/static/fontello.1576166651574.css
new file mode 100644
index 000000000..54f9fe05f
--- /dev/null
+++ b/priv/static/static/fontello.1576166651574.css
@@ -0,0 +1,124 @@
+@font-face {
+ font-family: "Icons";
+ src: url("./font/fontello.1576166651574.eot");
+ src: url("./font/fontello.1576166651574.eot") format("embedded-opentype"),
+ url("./font/fontello.1576166651574.woff2") format("woff2"),
+ url("./font/fontello.1576166651574.woff") format("woff"),
+ url("./font/fontello.1576166651574.ttf") format("truetype"),
+ url("./font/fontello.1576166651574.svg") format("svg");
+ font-weight: normal;
+ font-style: normal;
+}
+
+[class^="icon-"]::before,
+[class*=" icon-"]::before {
+ font-family: "Icons";
+ font-style: normal;
+ font-weight: normal;
+ speak: none;
+ display: inline-block;
+ text-decoration: inherit;
+ width: 1em;
+ margin-right: .2em;
+ text-align: center;
+ font-variant: normal;
+ text-transform: none;
+ line-height: 1em;
+ margin-left: .2em;
+ -webkit-font-smoothing: antialiased;
+ -moz-osx-font-smoothing: grayscale;
+}
+
+.icon-spin4::before { content: "\e834"; }
+
+.icon-cancel::before { content: "\e800"; }
+
+.icon-upload::before { content: "\e801"; }
+
+.icon-spin3::before { content: "\e832"; }
+
+.icon-reply::before { content: "\f112"; }
+
+.icon-star::before { content: "\e802"; }
+
+.icon-star-empty::before { content: "\e803"; }
+
+.icon-retweet::before { content: "\e804"; }
+
+.icon-eye-off::before { content: "\e805"; }
+
+.icon-binoculars::before { content: "\f1e5"; }
+
+.icon-cog::before { content: "\e807"; }
+
+.icon-user-plus::before { content: "\f234"; }
+
+.icon-menu::before { content: "\f0c9"; }
+
+.icon-logout::before { content: "\e808"; }
+
+.icon-down-open::before { content: "\e809"; }
+
+.icon-attach::before { content: "\e80a"; }
+
+.icon-link-ext::before { content: "\f08e"; }
+
+.icon-link-ext-alt::before { content: "\f08f"; }
+
+.icon-picture::before { content: "\e80b"; }
+
+.icon-video::before { content: "\e80c"; }
+
+.icon-right-open::before { content: "\e80d"; }
+
+.icon-left-open::before { content: "\e80e"; }
+
+.icon-up-open::before { content: "\e80f"; }
+
+.icon-comment-empty::before { content: "\f0e5"; }
+
+.icon-mail-alt::before { content: "\f0e0"; }
+
+.icon-lock::before { content: "\e811"; }
+
+.icon-lock-open-alt::before { content: "\f13e"; }
+
+.icon-globe::before { content: "\e812"; }
+
+.icon-brush::before { content: "\e813"; }
+
+.icon-search::before { content: "\e806"; }
+
+.icon-adjust::before { content: "\e816"; }
+
+.icon-thumbs-up-alt::before { content: "\f164"; }
+
+.icon-attention::before { content: "\e814"; }
+
+.icon-plus-squared::before { content: "\f0fe"; }
+
+.icon-plus::before { content: "\e815"; }
+
+.icon-edit::before { content: "\e817"; }
+
+.icon-play-circled::before { content: "\f144"; }
+
+.icon-pencil::before { content: "\e818"; }
+
+.icon-chart-bar::before { content: "\e81b"; }
+
+.icon-smile::before { content: "\f118"; }
+
+.icon-bell-alt::before { content: "\f0f3"; }
+
+.icon-wrench::before { content: "\e81a"; }
+
+.icon-pin::before { content: "\e819"; }
+
+.icon-ellipsis::before { content: "\f141"; }
+
+.icon-bell-ringing-o::before { content: "\e810"; }
+
+.icon-zoom-in::before { content: "\e81c"; }
+
+.icon-gauge::before { content: "\f0e4"; }
diff --git a/priv/static/static/font/config.json b/priv/static/static/fontello.json
similarity index 100%
rename from priv/static/static/font/config.json
rename to priv/static/static/fontello.json
diff --git a/priv/static/static/js/app.4ab7097a5650339b9e3d.js b/priv/static/static/js/app.4ab7097a5650339b9e3d.js
deleted file mode 100644
index 33141e412..000000000
Binary files a/priv/static/static/js/app.4ab7097a5650339b9e3d.js and /dev/null differ
diff --git a/priv/static/static/js/app.4ab7097a5650339b9e3d.js.map b/priv/static/static/js/app.4ab7097a5650339b9e3d.js.map
deleted file mode 100644
index b47e90c09..000000000
Binary files a/priv/static/static/js/app.4ab7097a5650339b9e3d.js.map and /dev/null differ
diff --git a/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js b/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js
new file mode 100644
index 000000000..124f284be
Binary files /dev/null and b/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js differ
diff --git a/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js.map b/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js.map
new file mode 100644
index 000000000..7c369185e
Binary files /dev/null and b/priv/static/static/js/app.a9b3f4c3e79baf3fa8b7.js.map differ
diff --git a/priv/static/static/js/app.d20ca27d22d74eb7bce0.js b/priv/static/static/js/app.d20ca27d22d74eb7bce0.js
deleted file mode 100644
index 7abf2ec28..000000000
Binary files a/priv/static/static/js/app.d20ca27d22d74eb7bce0.js and /dev/null differ
diff --git a/priv/static/static/js/app.d20ca27d22d74eb7bce0.js.map b/priv/static/static/js/app.d20ca27d22d74eb7bce0.js.map
deleted file mode 100644
index 6c96ca5b2..000000000
Binary files a/priv/static/static/js/app.d20ca27d22d74eb7bce0.js.map and /dev/null differ
diff --git a/priv/static/static/js/vendors~app.76db8e4cdf29decd5cab.js b/priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js
similarity index 95%
rename from priv/static/static/js/vendors~app.76db8e4cdf29decd5cab.js
rename to priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js
index 135bdebb3..a64eee9a9 100644
Binary files a/priv/static/static/js/vendors~app.76db8e4cdf29decd5cab.js and b/priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js differ
diff --git a/priv/static/static/js/vendors~app.76db8e4cdf29decd5cab.js.map b/priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js.map
similarity index 78%
rename from priv/static/static/js/vendors~app.76db8e4cdf29decd5cab.js.map
rename to priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js.map
index 6513c0a0b..2e88b3ce2 100644
Binary files a/priv/static/static/js/vendors~app.76db8e4cdf29decd5cab.js.map and b/priv/static/static/js/vendors~app.3f1ed7a4fdfc37ee27a7.js.map differ
diff --git a/priv/static/sw-pleroma.js b/priv/static/sw-pleroma.js
index 276af8173..4738f3391 100644
Binary files a/priv/static/sw-pleroma.js and b/priv/static/sw-pleroma.js differ
diff --git a/priv/static/sw.js b/priv/static/sw.js
index c2de0cfe0..5605bb05e 100644
Binary files a/priv/static/sw.js and b/priv/static/sw.js differ
diff --git a/test/captcha_test.exs b/test/captcha_test.exs
index 9f395d6b4..393c8219e 100644
--- a/test/captcha_test.exs
+++ b/test/captcha_test.exs
@@ -8,6 +8,7 @@ defmodule Pleroma.CaptchaTest do
import Tesla.Mock
alias Pleroma.Captcha.Kocaptcha
+ alias Pleroma.Captcha.Native
@ets_options [:ordered_set, :private, :named_table, {:read_concurrency, true}]
@@ -43,4 +44,21 @@ test "new and validate" do
) == :ok
end
end
+
+ describe "Native" do
+ test "new and validate" do
+ new = Native.new()
+
+ assert %{
+ answer_data: answer,
+ token: token,
+ type: :native,
+ url: "data:image/png;base64," <> _
+ } = new
+
+ assert is_binary(answer)
+ assert :ok = Native.validate(token, answer, answer)
+ assert {:error, "Invalid CAPTCHA"} == Native.validate(token, answer, answer <> "foobar")
+ end
+ end
end
diff --git a/test/moderation_log_test.exs b/test/moderation_log_test.exs
index 4240f6a65..f2168b735 100644
--- a/test/moderation_log_test.exs
+++ b/test/moderation_log_test.exs
@@ -214,7 +214,7 @@ test "logging report response", %{moderator: moderator} do
{:ok, _} =
ModerationLog.insert_log(%{
actor: moderator,
- action: "report_response",
+ action: "report_note",
subject: report,
text: "look at this"
})
@@ -222,7 +222,7 @@ test "logging report response", %{moderator: moderator} do
log = Repo.one(ModerationLog)
assert log.data["message"] ==
- "@#{moderator.nickname} responded with 'look at this' to report ##{report.id}"
+ "@#{moderator.nickname} added note 'look at this' to report ##{report.id}"
end
test "logging status sensitivity update", %{moderator: moderator} do
diff --git a/test/plugs/oauth_scopes_plug_test.exs b/test/plugs/oauth_scopes_plug_test.exs
index be6d1340b..89f32f43a 100644
--- a/test/plugs/oauth_scopes_plug_test.exs
+++ b/test/plugs/oauth_scopes_plug_test.exs
@@ -224,4 +224,42 @@ test "filters scopes which directly match or are ancestors of supported scopes"
assert f.(["admin:read"], ["write", "admin"]) == ["admin:read"]
end
end
+
+ describe "transform_scopes/2" do
+ clear_config([:auth, :enforce_oauth_admin_scope_usage])
+
+ setup do
+ {:ok, %{f: &OAuthScopesPlug.transform_scopes/2}}
+ end
+
+ test "with :admin option, prefixes all requested scopes with `admin:` " <>
+ "and [optionally] keeps only prefixed scopes, " <>
+ "depending on `[:auth, :enforce_oauth_admin_scope_usage]` setting",
+ %{f: f} do
+ Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+
+ assert f.(["read"], %{admin: true}) == ["admin:read", "read"]
+
+ assert f.(["read", "write"], %{admin: true}) == [
+ "admin:read",
+ "read",
+ "admin:write",
+ "write"
+ ]
+
+ Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
+
+ assert f.(["read:accounts"], %{admin: true}) == ["admin:read:accounts"]
+
+ assert f.(["read", "write:reports"], %{admin: true}) == [
+ "admin:read",
+ "admin:write:reports"
+ ]
+ end
+
+ test "with no supported options, returns unmodified scopes", %{f: f} do
+ assert f.(["read"], %{}) == ["read"]
+ assert f.(["read", "write"], %{}) == ["read", "write"]
+ end
+ end
end
diff --git a/test/plugs/user_is_admin_plug_test.exs b/test/plugs/user_is_admin_plug_test.exs
index 136dcc54e..bc6fcd73c 100644
--- a/test/plugs/user_is_admin_plug_test.exs
+++ b/test/plugs/user_is_admin_plug_test.exs
@@ -8,36 +8,116 @@ defmodule Pleroma.Plugs.UserIsAdminPlugTest do
alias Pleroma.Plugs.UserIsAdminPlug
import Pleroma.Factory
- test "accepts a user that is admin" do
- user = insert(:user, is_admin: true)
+ describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
+ clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+ Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+ end
- conn =
- build_conn()
- |> assign(:user, user)
+ test "accepts a user that is an admin" do
+ user = insert(:user, is_admin: true)
- ret_conn =
- conn
- |> UserIsAdminPlug.call(%{})
+ conn = assign(build_conn(), :user, user)
- assert conn == ret_conn
+ ret_conn = UserIsAdminPlug.call(conn, %{})
+
+ assert conn == ret_conn
+ end
+
+ test "denies a user that isn't an admin" do
+ user = insert(:user)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> UserIsAdminPlug.call(%{})
+
+ assert conn.status == 403
+ end
+
+ test "denies when a user isn't set" do
+ conn = UserIsAdminPlug.call(build_conn(), %{})
+
+ assert conn.status == 403
+ end
end
- test "denies a user that isn't admin" do
- user = insert(:user)
+ describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
+ clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+ Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
+ end
- conn =
- build_conn()
- |> assign(:user, user)
- |> UserIsAdminPlug.call(%{})
+ setup do
+ admin_user = insert(:user, is_admin: true)
+ non_admin_user = insert(:user, is_admin: false)
+ blank_user = nil
- assert conn.status == 403
- end
+ {:ok, %{users: [admin_user, non_admin_user, blank_user]}}
+ end
- test "denies when a user isn't set" do
- conn =
- build_conn()
- |> UserIsAdminPlug.call(%{})
+ test "if token has any of admin scopes, accepts a user that is an admin", %{conn: conn} do
+ user = insert(:user, is_admin: true)
+ token = insert(:oauth_token, user: user, scopes: ["admin:something"])
- assert conn.status == 403
+ conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, token)
+
+ ret_conn = UserIsAdminPlug.call(conn, %{})
+
+ assert conn == ret_conn
+ end
+
+ test "if token has any of admin scopes, denies a user that isn't an admin", %{conn: conn} do
+ user = insert(:user, is_admin: false)
+ token = insert(:oauth_token, user: user, scopes: ["admin:something"])
+
+ conn =
+ conn
+ |> assign(:user, user)
+ |> assign(:token, token)
+ |> UserIsAdminPlug.call(%{})
+
+ assert conn.status == 403
+ end
+
+ test "if token has any of admin scopes, denies when a user isn't set", %{conn: conn} do
+ token = insert(:oauth_token, scopes: ["admin:something"])
+
+ conn =
+ conn
+ |> assign(:user, nil)
+ |> assign(:token, token)
+ |> UserIsAdminPlug.call(%{})
+
+ assert conn.status == 403
+ end
+
+ test "if token lacks admin scopes, denies users regardless of is_admin flag",
+ %{users: users} do
+ for user <- users do
+ token = insert(:oauth_token, user: user)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> assign(:token, token)
+ |> UserIsAdminPlug.call(%{})
+
+ assert conn.status == 403
+ end
+ end
+
+ test "if token is missing, denies users regardless of is_admin flag", %{users: users} do
+ for user <- users do
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> assign(:token, nil)
+ |> UserIsAdminPlug.call(%{})
+
+ assert conn.status == 403
+ end
+ end
end
end
diff --git a/test/tasks/config_test.exs b/test/tasks/config_test.exs
index 9cd47380c..fab9d6e9a 100644
--- a/test/tasks/config_test.exs
+++ b/test/tasks/config_test.exs
@@ -63,4 +63,84 @@ test "settings are migrated to file and deleted from db", %{temp_file: temp_file
assert file =~ "config :pleroma, :setting_first,"
assert file =~ "config :pleroma, :setting_second,"
end
+
+ test "load a settings with large values and pass to file", %{temp_file: temp_file} do
+ Config.create(%{
+ group: "pleroma",
+ key: ":instance",
+ value: [
+ name: "Pleroma",
+ email: "example@example.com",
+ notify_email: "noreply@example.com",
+ description: "A Pleroma instance, an alternative fediverse server",
+ limit: 5_000,
+ chat_limit: 5_000,
+ remote_limit: 100_000,
+ upload_limit: 16_000_000,
+ avatar_upload_limit: 2_000_000,
+ background_upload_limit: 4_000_000,
+ banner_upload_limit: 4_000_000,
+ poll_limits: %{
+ max_options: 20,
+ max_option_chars: 200,
+ min_expiration: 0,
+ max_expiration: 365 * 24 * 60 * 60
+ },
+ registrations_open: true,
+ federating: true,
+ federation_incoming_replies_max_depth: 100,
+ federation_reachability_timeout_days: 7,
+ federation_publisher_modules: [Pleroma.Web.ActivityPub.Publisher],
+ allow_relay: true,
+ rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy,
+ public: true,
+ quarantined_instances: [],
+ managed_config: true,
+ static_dir: "instance/static/",
+ allowed_post_formats: ["text/plain", "text/html", "text/markdown", "text/bbcode"],
+ mrf_transparency: true,
+ mrf_transparency_exclusions: [],
+ autofollowed_nicknames: [],
+ max_pinned_statuses: 1,
+ no_attachment_links: true,
+ welcome_user_nickname: nil,
+ welcome_message: nil,
+ max_report_comment_size: 1000,
+ safe_dm_mentions: false,
+ healthcheck: false,
+ remote_post_retention_days: 90,
+ skip_thread_containment: true,
+ limit_to_local_content: :unauthenticated,
+ dynamic_configuration: false,
+ user_bio_length: 5000,
+ user_name_length: 100,
+ max_account_fields: 10,
+ max_remote_account_fields: 20,
+ account_field_name_length: 512,
+ account_field_value_length: 2048,
+ external_user_synchronization: true,
+ extended_nickname_format: true,
+ multi_factor_authentication: [
+ totp: [
+ # digits 6 or 8
+ digits: 6,
+ period: 30
+ ],
+ backup_codes: [
+ number: 2,
+ length: 6
+ ]
+ ]
+ ]
+ })
+
+ Mix.Tasks.Pleroma.Config.run(["migrate_from_db", "temp", "true"])
+
+ assert Repo.all(Config) == []
+ assert File.exists?(temp_file)
+ {:ok, file} = File.read(temp_file)
+
+ assert file ==
+ "use Mix.Config\n\nconfig :pleroma, :instance,\n name: \"Pleroma\",\n email: \"example@example.com\",\n notify_email: \"noreply@example.com\",\n description: \"A Pleroma instance, an alternative fediverse server\",\n limit: 5000,\n chat_limit: 5000,\n remote_limit: 100_000,\n upload_limit: 16_000_000,\n avatar_upload_limit: 2_000_000,\n background_upload_limit: 4_000_000,\n banner_upload_limit: 4_000_000,\n poll_limits: %{\n max_expiration: 31_536_000,\n max_option_chars: 200,\n max_options: 20,\n min_expiration: 0\n },\n registrations_open: true,\n federating: true,\n federation_incoming_replies_max_depth: 100,\n federation_reachability_timeout_days: 7,\n federation_publisher_modules: [Pleroma.Web.ActivityPub.Publisher],\n allow_relay: true,\n rewrite_policy: Pleroma.Web.ActivityPub.MRF.NoOpPolicy,\n public: true,\n quarantined_instances: [],\n managed_config: true,\n static_dir: \"instance/static/\",\n allowed_post_formats: [\"text/plain\", \"text/html\", \"text/markdown\", \"text/bbcode\"],\n mrf_transparency: true,\n mrf_transparency_exclusions: [],\n autofollowed_nicknames: [],\n max_pinned_statuses: 1,\n no_attachment_links: true,\n welcome_user_nickname: nil,\n welcome_message: nil,\n max_report_comment_size: 1000,\n safe_dm_mentions: false,\n healthcheck: false,\n remote_post_retention_days: 90,\n skip_thread_containment: true,\n limit_to_local_content: :unauthenticated,\n dynamic_configuration: false,\n user_bio_length: 5000,\n user_name_length: 100,\n max_account_fields: 10,\n max_remote_account_fields: 20,\n account_field_name_length: 512,\n account_field_value_length: 2048,\n external_user_synchronization: true,\n extended_nickname_format: true,\n multi_factor_authentication: [\n totp: [digits: 6, period: 30],\n backup_codes: [number: 2, length: 6]\n ]\n"
+ end
end
diff --git a/test/user_test.exs b/test/user_test.exs
index bfa8faafa..d7ab63463 100644
--- a/test/user_test.exs
+++ b/test/user_test.exs
@@ -914,6 +914,16 @@ test "unblocks domains" do
refute User.blocks?(user, collateral_user)
end
+
+ test "follows take precedence over domain blocks" do
+ user = insert(:user)
+ good_eggo = insert(:user, %{ap_id: "https://meanies.social/user/cuteposter"})
+
+ {:ok, user} = User.block_domain(user, "meanies.social")
+ {:ok, user} = User.follow(user, good_eggo)
+
+ refute User.blocks?(user, good_eggo)
+ end
end
describe "blocks_import" do
diff --git a/test/web/activity_pub/activity_pub_test.exs b/test/web/activity_pub/activity_pub_test.exs
index 97844a407..ad1fb6d02 100644
--- a/test/web/activity_pub/activity_pub_test.exs
+++ b/test/web/activity_pub/activity_pub_test.exs
@@ -608,6 +608,39 @@ test "doesn't return activities from blocked domains" do
refute repeat_activity in activities
end
+ test "does return activities from followed users on blocked domains" do
+ domain = "meanies.social"
+ domain_user = insert(:user, %{ap_id: "https://#{domain}/@pundit"})
+ blocker = insert(:user)
+
+ {:ok, blocker} = User.follow(blocker, domain_user)
+ {:ok, blocker} = User.block_domain(blocker, domain)
+
+ assert User.following?(blocker, domain_user)
+ assert User.blocks_domain?(blocker, domain_user)
+ refute User.blocks?(blocker, domain_user)
+
+ note = insert(:note, %{data: %{"actor" => domain_user.ap_id}})
+ activity = insert(:note_activity, %{note: note})
+
+ activities =
+ ActivityPub.fetch_activities([], %{"blocking_user" => blocker, "skip_preload" => true})
+
+ assert activity in activities
+
+ # And check that if the guy we DO follow boosts someone else from their domain,
+ # that should be hidden
+ another_user = insert(:user, %{ap_id: "https://#{domain}/@meanie2"})
+ bad_note = insert(:note, %{data: %{"actor" => another_user.ap_id}})
+ bad_activity = insert(:note_activity, %{note: bad_note})
+ {:ok, repeat_activity, _} = CommonAPI.repeat(bad_activity.id, domain_user)
+
+ activities =
+ ActivityPub.fetch_activities([], %{"blocking_user" => blocker, "skip_preload" => true})
+
+ refute repeat_activity in activities
+ end
+
test "doesn't return muted activities" do
activity_one = insert(:note_activity)
activity_two = insert(:note_activity)
@@ -1592,6 +1625,38 @@ test "detects hidden follows/followers for friendica" do
end
end
+ describe "fetch_favourites/3" do
+ test "returns a favourite activities sorted by adds to favorite" do
+ user = insert(:user)
+ other_user = insert(:user)
+ user1 = insert(:user)
+ user2 = insert(:user)
+ {:ok, a1} = CommonAPI.post(user1, %{"status" => "bla"})
+ {:ok, _a2} = CommonAPI.post(user2, %{"status" => "traps are happy"})
+ {:ok, a3} = CommonAPI.post(user2, %{"status" => "Trees Are "})
+ {:ok, a4} = CommonAPI.post(user2, %{"status" => "Agent Smith "})
+ {:ok, a5} = CommonAPI.post(user1, %{"status" => "Red or Blue "})
+
+ {:ok, _, _} = CommonAPI.favorite(a4.id, user)
+ {:ok, _, _} = CommonAPI.favorite(a3.id, other_user)
+ Process.sleep(1000)
+ {:ok, _, _} = CommonAPI.favorite(a3.id, user)
+ {:ok, _, _} = CommonAPI.favorite(a5.id, other_user)
+ Process.sleep(1000)
+ {:ok, _, _} = CommonAPI.favorite(a5.id, user)
+ {:ok, _, _} = CommonAPI.favorite(a4.id, other_user)
+ Process.sleep(1000)
+ {:ok, _, _} = CommonAPI.favorite(a1.id, user)
+ {:ok, _, _} = CommonAPI.favorite(a1.id, other_user)
+ result = ActivityPub.fetch_favourites(user)
+
+ assert Enum.map(result, & &1.id) == [a1.id, a5.id, a3.id, a4.id]
+
+ result = ActivityPub.fetch_favourites(user, %{"limit" => 2})
+ assert Enum.map(result, & &1.id) == [a1.id, a5.id]
+ end
+ end
+
describe "Move activity" do
test "create" do
%{ap_id: old_ap_id} = old_user = insert(:user)
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index 4148f04bc..49ff005b6 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -10,6 +10,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
alias Pleroma.HTML
alias Pleroma.ModerationLog
alias Pleroma.Repo
+ alias Pleroma.ReportNote
alias Pleroma.Tests.ObanHelpers
alias Pleroma.User
alias Pleroma.UserInviteToken
@@ -25,6 +26,60 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
:ok
end
+ clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+ Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+ end
+
+ describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
+ clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
+ Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
+ end
+
+ test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope" do
+ user = insert(:user)
+ admin = insert(:user, is_admin: true)
+ url = "/api/pleroma/admin/users/#{user.nickname}"
+
+ good_token1 = insert(:oauth_token, user: admin, scopes: ["admin"])
+ good_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read"])
+ good_token3 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts"])
+
+ bad_token1 = insert(:oauth_token, user: admin, scopes: ["read:accounts"])
+ bad_token2 = insert(:oauth_token, user: admin, scopes: ["admin:read:accounts:partial"])
+ bad_token3 = nil
+
+ for good_token <- [good_token1, good_token2, good_token3] do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, good_token)
+ |> get(url)
+
+ assert json_response(conn, 200)
+ end
+
+ for good_token <- [good_token1, good_token2, good_token3] do
+ conn =
+ build_conn()
+ |> assign(:user, nil)
+ |> assign(:token, good_token)
+ |> get(url)
+
+ assert json_response(conn, :forbidden)
+ end
+
+ for bad_token <- [bad_token1, bad_token2, bad_token3] do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> assign(:token, bad_token)
+ |> get(url)
+
+ assert json_response(conn, :forbidden)
+ end
+ end
+ end
+
describe "DELETE /api/pleroma/admin/users" do
test "single user" do
admin = insert(:user, is_admin: true)
@@ -98,7 +153,7 @@ test "Create" do
assert ["lain", "lain2"] -- Enum.map(log_entry.data["subjects"], & &1["nickname"]) == []
end
- test "Cannot create user with exisiting email" do
+ test "Cannot create user with existing email" do
admin = insert(:user, is_admin: true)
user = insert(:user)
@@ -129,7 +184,7 @@ test "Cannot create user with exisiting email" do
]
end
- test "Cannot create user with exisiting nickname" do
+ test "Cannot create user with existing nickname" do
admin = insert(:user, is_admin: true)
user = insert(:user)
@@ -1560,7 +1615,8 @@ test "returns 403 when requested by a non-admin" do
|> assign(:user, user)
|> get("/api/pleroma/admin/reports")
- assert json_response(conn, :forbidden) == %{"error" => "User is not admin."}
+ assert json_response(conn, :forbidden) ==
+ %{"error" => "User is not an admin or OAuth admin scope is not granted."}
end
test "returns 403 when requested by anonymous" do
@@ -1776,61 +1832,6 @@ test "account not empty if status was deleted", %{
end
end
- describe "POST /api/pleroma/admin/reports/:id/respond" do
- setup %{conn: conn} do
- admin = insert(:user, is_admin: true)
-
- %{conn: assign(conn, :user, admin), admin: admin}
- end
-
- test "returns created dm", %{conn: conn, admin: admin} do
- [reporter, target_user] = insert_pair(:user)
- activity = insert(:note_activity, user: target_user)
-
- {:ok, %{id: report_id}} =
- CommonAPI.report(reporter, %{
- "account_id" => target_user.id,
- "comment" => "I feel offended",
- "status_ids" => [activity.id]
- })
-
- response =
- conn
- |> post("/api/pleroma/admin/reports/#{report_id}/respond", %{
- "status" => "I will check it out"
- })
- |> json_response(:ok)
-
- recipients = Enum.map(response["mentions"], & &1["username"])
-
- assert reporter.nickname in recipients
- assert response["content"] == "I will check it out"
- assert response["visibility"] == "direct"
-
- log_entry = Repo.one(ModerationLog)
-
- assert ModerationLog.get_log_entry_message(log_entry) ==
- "@#{admin.nickname} responded with 'I will check it out' to report ##{
- response["id"]
- }"
- end
-
- test "returns 400 when status is missing", %{conn: conn} do
- conn = post(conn, "/api/pleroma/admin/reports/test/respond")
-
- assert json_response(conn, :bad_request) == "Invalid parameters"
- end
-
- test "returns 404 when report id is invalid", %{conn: conn} do
- conn =
- post(conn, "/api/pleroma/admin/reports/test/respond", %{
- "status" => "foo"
- })
-
- assert json_response(conn, :not_found) == "Not found"
- end
- end
-
describe "PUT /api/pleroma/admin/statuses/:id" do
setup %{conn: conn} do
admin = insert(:user, is_admin: true)
@@ -3027,6 +3028,77 @@ test "it resend emails for two users", %{admin: admin} do
}"
end
end
+
+ describe "POST /reports/:id/notes" do
+ setup do
+ admin = insert(:user, is_admin: true)
+ [reporter, target_user] = insert_pair(:user)
+ activity = insert(:note_activity, user: target_user)
+
+ {:ok, %{id: report_id}} =
+ CommonAPI.report(reporter, %{
+ "account_id" => target_user.id,
+ "comment" => "I feel offended",
+ "status_ids" => [activity.id]
+ })
+
+ build_conn()
+ |> assign(:user, admin)
+ |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+ content: "this is disgusting!"
+ })
+
+ build_conn()
+ |> assign(:user, admin)
+ |> post("/api/pleroma/admin/reports/#{report_id}/notes", %{
+ content: "this is disgusting2!"
+ })
+
+ %{
+ admin_id: admin.id,
+ report_id: report_id,
+ admin: admin
+ }
+ end
+
+ test "it creates report note", %{admin_id: admin_id, report_id: report_id} do
+ [note, _] = Repo.all(ReportNote)
+
+ assert %{
+ activity_id: ^report_id,
+ content: "this is disgusting!",
+ user_id: ^admin_id
+ } = note
+ end
+
+ test "it returns reports with notes", %{admin: admin} do
+ conn =
+ build_conn()
+ |> assign(:user, admin)
+ |> get("/api/pleroma/admin/reports")
+
+ response = json_response(conn, 200)
+ notes = hd(response["reports"])["notes"]
+ [note, _] = notes
+
+ assert note["user"]["nickname"] == admin.nickname
+ assert note["content"] == "this is disgusting!"
+ assert note["created_at"]
+ assert response["total"] == 1
+ end
+
+ test "it deletes the note", %{admin: admin, report_id: report_id} do
+ assert ReportNote |> Repo.all() |> length() == 2
+
+ [note, _] = Repo.all(ReportNote)
+
+ build_conn()
+ |> assign(:user, admin)
+ |> delete("/api/pleroma/admin/reports/#{report_id}/notes/#{note.id}")
+
+ assert ReportNote |> Repo.all() |> length() == 1
+ end
+ end
end
# Needed for testing
diff --git a/test/web/admin_api/views/report_view_test.exs b/test/web/admin_api/views/report_view_test.exs
index ef4a806e4..a0c6eab3c 100644
--- a/test/web/admin_api/views/report_view_test.exs
+++ b/test/web/admin_api/views/report_view_test.exs
@@ -30,6 +30,7 @@ test "renders a report" do
Pleroma.Web.AdminAPI.AccountView.render("show.json", %{user: other_user})
),
statuses: [],
+ notes: [],
state: "open",
id: activity.id
}
@@ -65,6 +66,7 @@ test "includes reported statuses" do
),
statuses: [StatusView.render("show.json", %{activity: activity})],
state: "open",
+ notes: [],
id: report_activity.id
}
diff --git a/test/web/mastodon_api/controllers/search_controller_test.exs b/test/web/mastodon_api/controllers/search_controller_test.exs
index 7953fad62..34deeba47 100644
--- a/test/web/mastodon_api/controllers/search_controller_test.exs
+++ b/test/web/mastodon_api/controllers/search_controller_test.exs
@@ -165,15 +165,20 @@ test "search", %{conn: conn} do
assert status["id"] == to_string(activity.id)
end
- test "search fetches remote statuses", %{conn: conn} do
+ test "search fetches remote statuses and prefers them over other results", %{conn: conn} do
capture_log(fn ->
+ {:ok, %{id: activity_id}} =
+ CommonAPI.post(insert(:user), %{
+ "status" => "check out https://shitposter.club/notice/2827873"
+ })
+
conn =
conn
|> get("/api/v1/search", %{"q" => "https://shitposter.club/notice/2827873"})
assert results = json_response(conn, 200)
- [status] = results["statuses"]
+ [status, %{"id" => ^activity_id}] = results["statuses"]
assert status["uri"] ==
"tag:shitposter.club,2017-05-05:noticeId=2827873:objectType=comment"
diff --git a/test/web/mastodon_api/views/account_view_test.exs b/test/web/mastodon_api/views/account_view_test.exs
index 5e297d129..2107bb85c 100644
--- a/test/web/mastodon_api/views/account_view_test.exs
+++ b/test/web/mastodon_api/views/account_view_test.exs
@@ -66,6 +66,7 @@ test "Represent a user account" do
note: "valid html",
sensitive: false,
pleroma: %{
+ actor_type: "Person",
discoverable: false
},
fields: []
@@ -106,7 +107,8 @@ test "Represent a Service(bot) account" do
insert(:user, %{
follower_count: 3,
note_count: 5,
- source_data: %{"type" => "Service"},
+ source_data: %{},
+ actor_type: "Service",
nickname: "shp@shitposter.club",
inserted_at: ~N[2017-08-15 15:47:06.597036]
})
@@ -134,6 +136,7 @@ test "Represent a Service(bot) account" do
note: user.bio,
sensitive: false,
pleroma: %{
+ actor_type: "Service",
discoverable: false
},
fields: []
@@ -278,7 +281,8 @@ test "represent an embedded relationship" do
insert(:user, %{
follower_count: 0,
note_count: 5,
- source_data: %{"type" => "Service"},
+ source_data: %{},
+ actor_type: "Service",
nickname: "shp@shitposter.club",
inserted_at: ~N[2017-08-15 15:47:06.597036]
})
@@ -311,6 +315,7 @@ test "represent an embedded relationship" do
note: user.bio,
sensitive: false,
pleroma: %{
+ actor_type: "Service",
discoverable: false
},
fields: []
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index beb995cd8..901f2ae41 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -567,33 +567,41 @@ test "with existing authentication and OOB `redirect_uri`, redirects to app with
end
describe "POST /oauth/authorize" do
- test "redirects with oauth authorization" do
- user = insert(:user)
- app = insert(:oauth_app, scopes: ["read", "write", "follow"])
+ test "redirects with oauth authorization, " <>
+ "keeping only non-admin scopes for non-admin user" do
+ app = insert(:oauth_app, scopes: ["read", "write", "admin"])
redirect_uri = OAuthController.default_redirect_uri(app)
- conn =
- build_conn()
- |> post("/oauth/authorize", %{
- "authorization" => %{
- "name" => user.nickname,
- "password" => "test",
- "client_id" => app.client_id,
- "redirect_uri" => redirect_uri,
- "scope" => "read:subscope write",
- "state" => "statepassed"
- }
- })
+ non_admin = insert(:user, is_admin: false)
+ admin = insert(:user, is_admin: true)
- target = redirected_to(conn)
- assert target =~ redirect_uri
+ for {user, expected_scopes} <- %{
+ non_admin => ["read:subscope", "write"],
+ admin => ["read:subscope", "write", "admin"]
+ } do
+ conn =
+ build_conn()
+ |> post("/oauth/authorize", %{
+ "authorization" => %{
+ "name" => user.nickname,
+ "password" => "test",
+ "client_id" => app.client_id,
+ "redirect_uri" => redirect_uri,
+ "scope" => "read:subscope write admin",
+ "state" => "statepassed"
+ }
+ })
- query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+ target = redirected_to(conn)
+ assert target =~ redirect_uri
- assert %{"state" => "statepassed", "code" => code} = query
- auth = Repo.get_by(Authorization, token: code)
- assert auth
- assert auth.scopes == ["read:subscope", "write"]
+ query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+
+ assert %{"state" => "statepassed", "code" => code} = query
+ auth = Repo.get_by(Authorization, token: code)
+ assert auth
+ assert auth.scopes == expected_scopes
+ end
end
test "returns 401 for wrong credentials", %{conn: conn} do
@@ -623,31 +631,34 @@ test "returns 401 for wrong credentials", %{conn: conn} do
assert result =~ "Invalid Username/Password"
end
- test "returns 401 for missing scopes", %{conn: conn} do
- user = insert(:user)
- app = insert(:oauth_app)
+ test "returns 401 for missing scopes " <>
+ "(including all admin-only scopes for non-admin user)" do
+ user = insert(:user, is_admin: false)
+ app = insert(:oauth_app, scopes: ["read", "write", "admin"])
redirect_uri = OAuthController.default_redirect_uri(app)
- result =
- conn
- |> post("/oauth/authorize", %{
- "authorization" => %{
- "name" => user.nickname,
- "password" => "test",
- "client_id" => app.client_id,
- "redirect_uri" => redirect_uri,
- "state" => "statepassed",
- "scope" => ""
- }
- })
- |> html_response(:unauthorized)
+ for scope_param <- ["", "admin:read admin:write"] do
+ result =
+ build_conn()
+ |> post("/oauth/authorize", %{
+ "authorization" => %{
+ "name" => user.nickname,
+ "password" => "test",
+ "client_id" => app.client_id,
+ "redirect_uri" => redirect_uri,
+ "state" => "statepassed",
+ "scope" => scope_param
+ }
+ })
+ |> html_response(:unauthorized)
- # Keep the details
- assert result =~ app.client_id
- assert result =~ redirect_uri
+ # Keep the details
+ assert result =~ app.client_id
+ assert result =~ redirect_uri
- # Error message
- assert result =~ "This action is outside the authorized scopes"
+ # Error message
+ assert result =~ "This action is outside the authorized scopes"
+ end
end
test "returns 401 for scopes beyond app scopes hierarchy", %{conn: conn} do