pleroma/test/web/activity_pub/object_validator_test.exs

# Pleroma: A lightweight social networking server
# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
  use Pleroma.DataCase

  alias Pleroma.Object
  alias Pleroma.Web.ActivityPub.Builder
  alias Pleroma.Web.ActivityPub.ObjectValidator
  alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
  alias Pleroma.Web.ActivityPub.Utils
  alias Pleroma.Web.CommonAPI

  import Pleroma.Factory

  describe "Undos" do
    setup do
      user = insert(:user)
      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})
      {:ok, like} = CommonAPI.favorite(user, post_activity.id)
      {:ok, valid_like_undo, []} = Builder.undo(user, like)

      %{user: user, like: like, valid_like_undo: valid_like_undo}
    end

    test "it validates a basic like undo", %{valid_like_undo: valid_like_undo} do
      assert {:ok, _, _} = ObjectValidator.validate(valid_like_undo, [])
    end

    test "it does not validate if the actor of the undo is not the actor of the object", %{
      valid_like_undo: valid_like_undo
    } do
      other_user = insert(:user, ap_id: "https://gensokyo.2hu/users/raymoo")

      bad_actor =
        valid_like_undo
        |> Map.put("actor", other_user.ap_id)

      {:error, cng} = ObjectValidator.validate(bad_actor, [])

      assert {:actor, {"not the same as object actor", []}} in cng.errors
    end

    test "it does not validate if the object is missing", %{valid_like_undo: valid_like_undo} do
      missing_object =
        valid_like_undo
        |> Map.put("object", "https://gensokyo.2hu/objects/1")

      {:error, cng} = ObjectValidator.validate(missing_object, [])

      assert {:object, {"can't find object", []}} in cng.errors
      assert length(cng.errors) == 1
    end
  end

  describe "likes" do
    setup do
      user = insert(:user)
      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})

      valid_like = %{
        "to" => [user.ap_id],
        "cc" => [],
        "type" => "Like",
        "id" => Utils.generate_activity_id(),
        "object" => post_activity.data["object"],
        "actor" => user.ap_id,
        "context" => "a context"
      }

      %{valid_like: valid_like, user: user, post_activity: post_activity}
    end

    test "returns ok when called in the ObjectValidator", %{valid_like: valid_like} do
      {:ok, object, _meta} = ObjectValidator.validate(valid_like, [])

      assert "id" in Map.keys(object)
    end

    test "is valid for a valid object", %{valid_like: valid_like} do
      assert LikeValidator.cast_and_validate(valid_like).valid?
    end

    test "sets the 'to' field to the object actor if no recipients are given", %{
      valid_like: valid_like,
      user: user
    } do
      without_recipients =
        valid_like
        |> Map.delete("to")

      {:ok, object, _meta} = ObjectValidator.validate(without_recipients, [])

      assert object["to"] == [user.ap_id]
    end

    test "sets the context field to the context of the object if no context is given", %{
      valid_like: valid_like,
      post_activity: post_activity
    } do
      without_context =
        valid_like
        |> Map.delete("context")

      {:ok, object, _meta} = ObjectValidator.validate(without_context, [])

      assert object["context"] == post_activity.data["context"]
    end

    test "it errors when the actor is missing or not known", %{valid_like: valid_like} do
      without_actor = Map.delete(valid_like, "actor")

      refute LikeValidator.cast_and_validate(without_actor).valid?

      with_invalid_actor = Map.put(valid_like, "actor", "invalidactor")

      refute LikeValidator.cast_and_validate(with_invalid_actor).valid?
    end

    test "it errors when the object is missing or not known", %{valid_like: valid_like} do
      without_object = Map.delete(valid_like, "object")

      refute LikeValidator.cast_and_validate(without_object).valid?

      with_invalid_object = Map.put(valid_like, "object", "invalidobject")

      refute LikeValidator.cast_and_validate(with_invalid_object).valid?
    end

    test "it errors when the actor has already like the object", %{
      valid_like: valid_like,
      user: user,
      post_activity: post_activity
    } do
      _like = CommonAPI.favorite(user, post_activity.id)

      refute LikeValidator.cast_and_validate(valid_like).valid?
    end

    test "it works when actor or object are wrapped in maps", %{valid_like: valid_like} do
      wrapped_like =
        valid_like
        |> Map.put("actor", %{"id" => valid_like["actor"]})
        |> Map.put("object", %{"id" => valid_like["object"]})

      validated = LikeValidator.cast_and_validate(wrapped_like)

      assert validated.valid?

      assert {:actor, valid_like["actor"]} in validated.changes
      assert {:object, valid_like["object"]} in validated.changes
    end
  end

  describe "announces" do
    setup do
      user = insert(:user)
      announcer = insert(:user)
      {:ok, post_activity} = CommonAPI.post(user, %{status: "uguu"})

      object = Object.normalize(post_activity, false)
      {:ok, valid_announce, []} = Builder.announce(announcer, object)

      %{
        valid_announce: valid_announce,
        user: user,
        post_activity: post_activity,
        announcer: announcer
      }
    end

    test "returns ok for a valid announce", %{valid_announce: valid_announce} do
      assert {:ok, _object, _meta} = ObjectValidator.validate(valid_announce, [])
    end

    test "returns an error if the object can't be found", %{valid_announce: valid_announce} do
      without_object =
        valid_announce
        |> Map.delete("object")

      {:error, cng} = ObjectValidator.validate(without_object, [])

      assert {:object, {"can't be blank", [validation: :required]}} in cng.errors

      nonexisting_object =
        valid_announce
        |> Map.put("object", "https://gensokyo.2hu/objects/99999999")

      {:error, cng} = ObjectValidator.validate(nonexisting_object, [])

      assert {:object, {"can't find object", []}} in cng.errors
    end

    test "returns an error if we don't have the actor", %{valid_announce: valid_announce} do
      nonexisting_actor =
        valid_announce
        |> Map.put("actor", "https://gensokyo.2hu/users/raymoo")

      {:error, cng} = ObjectValidator.validate(nonexisting_actor, [])

      assert {:actor, {"can't find user", []}} in cng.errors
    end

    test "returns an error if the actor already announced the object", %{
      valid_announce: valid_announce,
      announcer: announcer,
      post_activity: post_activity
    } do
      _announce = CommonAPI.repeat(post_activity.id, announcer)

      {:error, cng} = ObjectValidator.validate(valid_announce, [])

      assert {:actor, {"already announced this object", []}} in cng.errors
      assert {:object, {"already announced by this actor", []}} in cng.errors
    end

    test "returns an error if the actor can't announce the object", %{
      announcer: announcer,
      user: user
    } do
      {:ok, post_activity} =
        CommonAPI.post(user, %{status: "a secret post", visibility: "private"})

      object = Object.normalize(post_activity, false)

      # Another user can't announce it
      {:ok, announce, []} = Builder.announce(announcer, object, public: false)

      {:error, cng} = ObjectValidator.validate(announce, [])

      assert {:actor, {"can not announce this object", []}} in cng.errors

      # The actor of the object can announce it
      {:ok, announce, []} = Builder.announce(user, object, public: false)

      assert {:ok, _, _} = ObjectValidator.validate(announce, [])

      # The actor of the object can not announce it publicly
      {:ok, announce, []} = Builder.announce(user, object, public: true)

      {:error, cng} = ObjectValidator.validate(announce, [])

      assert {:actor, {"can not announce this object publicly", []}} in cng.errors
    end
  end

  describe "updates" do
    setup do
      user = insert(:user)

      object = %{
        "id" => user.ap_id,
        "name" => "A new name",
        "summary" => "A new bio"
      }

      {:ok, valid_update, []} = Builder.update(user, object)

      %{user: user, valid_update: valid_update}
    end

    test "validates a basic object", %{valid_update: valid_update} do
      assert {:ok, _update, []} = ObjectValidator.validate(valid_update, [])
    end

    test "returns an error if the object can't be updated by the actor", %{
      valid_update: valid_update
    } do
      other_user = insert(:user)

      update =
        valid_update
        |> Map.put("actor", other_user.ap_id)

      assert {:error, _cng} = ObjectValidator.validate(update, [])
    end
  end

  describe "blocks" do
    setup do
      user = insert(:user, local: false)
      blocked = insert(:user)

      {:ok, valid_block, []} = Builder.block(user, blocked)

      %{user: user, valid_block: valid_block}
    end

    test "validates a basic object", %{
      valid_block: valid_block
    } do
      assert {:ok, _block, []} = ObjectValidator.validate(valid_block, [])
    end

    test "returns an error if we don't know the blocked user", %{
      valid_block: valid_block
    } do
      block =
        valid_block
        |> Map.put("object", "https://gensokyo.2hu/users/raymoo")

      assert {:error, _cng} = ObjectValidator.validate(block, [])
    end
  end
end