squeegily
/
pleroma
1
0
Rozštěpit 0
Zdrojový kód Úkoly 0 Požadavky na natažení 0 Vydání 42 Wiki Aktivita
Fork of Pleroma with site-specific changes and feature branches https://git.pleroma.social/pleroma/pleroma
Nelze vybrat více než 25 témat Téma musí začínat písmenem nebo číslem, může obsahovat pomlčky („-“) a může být dlouhé až 35 znaků.
13441 Revize
154 Větve
503MB
Strom: 359ded086c
Větve Značky
${ item.name }
Vytvořit větev ${ searchTerm }
z „359ded086c“
${ noResults }
pleroma/test/pleroma/web/activity_pub/mrf/simple_policy_test.exs

557 řádky
17KB
Surový Blame Historie 

  1. # Pleroma: A lightweight social networking server

  2. # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>

  3. # SPDX-License-Identifier: AGPL-3.0-only

  4. 

  5. defmodule Pleroma.Web.ActivityPub.MRF.SimplePolicyTest do

  6.   use Pleroma.DataCase

  7.   import Pleroma.Factory

  8.   alias Pleroma.Web.ActivityPub.MRF.SimplePolicy

  9.   alias Pleroma.Web.CommonAPI

  10. 

  11.   setup do:

  12.           clear_config(:mrf_simple,

  13.             media_removal: [],

  14.             media_nsfw: [],

  15.             federated_timeline_removal: [],

  16.             report_removal: [],

  17.             reject: [],

  18.             followers_only: [],

  19.             accept: [],

  20.             avatar_removal: [],

  21.             banner_removal: [],

  22.             reject_deletes: []

  23.           )

  24. 

  25.   describe "when :media_removal" do

  26.     test "is empty" do

  27.       clear_config([:mrf_simple, :media_removal], [])

  28.       media_message = build_media_message()

  29.       local_message = build_local_message()

  30. 

  31.       assert SimplePolicy.filter(media_message) == {:ok, media_message}

  32.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  33.     end

  34. 

  35.     test "has a matching host" do

  36.       clear_config([:mrf_simple, :media_removal], ["remote.instance"])

  37.       media_message = build_media_message()

  38.       local_message = build_local_message()

  39. 

  40.       assert SimplePolicy.filter(media_message) ==

  41.                {:ok,

  42.                 media_message

  43.                 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}

  44. 

  45.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  46.     end

  47. 

  48.     test "match with wildcard domain" do

  49.       clear_config([:mrf_simple, :media_removal], ["*.remote.instance"])

  50.       media_message = build_media_message()

  51.       local_message = build_local_message()

  52. 

  53.       assert SimplePolicy.filter(media_message) ==

  54.                {:ok,

  55.                 media_message

  56.                 |> Map.put("object", Map.delete(media_message["object"], "attachment"))}

  57. 

  58.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  59.     end

  60.   end

  61. 

  62.   describe "when :media_nsfw" do

  63.     test "is empty" do

  64.       clear_config([:mrf_simple, :media_nsfw], [])

  65.       media_message = build_media_message()

  66.       local_message = build_local_message()

  67. 

  68.       assert SimplePolicy.filter(media_message) == {:ok, media_message}

  69.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  70.     end

  71. 

  72.     test "has a matching host" do

  73.       clear_config([:mrf_simple, :media_nsfw], ["remote.instance"])

  74.       media_message = build_media_message()

  75.       local_message = build_local_message()

  76. 

  77.       assert SimplePolicy.filter(media_message) ==

  78.                {:ok, put_in(media_message, ["object", "sensitive"], true)}

  79. 

  80.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  81.     end

  82. 

  83.     test "match with wildcard domain" do

  84.       clear_config([:mrf_simple, :media_nsfw], ["*.remote.instance"])

  85.       media_message = build_media_message()

  86.       local_message = build_local_message()

  87. 

  88.       assert SimplePolicy.filter(media_message) ==

  89.                {:ok, put_in(media_message, ["object", "sensitive"], true)}

  90. 

  91.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  92.     end

  93.   end

  94. 

  95.   defp build_media_message do

  96.     %{

  97.       "actor" => "https://remote.instance/users/bob",

  98.       "type" => "Create",

  99.       "object" => %{

  100.         "attachment" => [%{}],

  101.         "tag" => ["foo"],

  102.         "sensitive" => false

  103.       }

  104.     }

  105.   end

  106. 

  107.   describe "when :report_removal" do

  108.     test "is empty" do

  109.       clear_config([:mrf_simple, :report_removal], [])

  110.       report_message = build_report_message()

  111.       local_message = build_local_message()

  112. 

  113.       assert SimplePolicy.filter(report_message) == {:ok, report_message}

  114.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  115.     end

  116. 

  117.     test "has a matching host" do

  118.       clear_config([:mrf_simple, :report_removal], ["remote.instance"])

  119.       report_message = build_report_message()

  120.       local_message = build_local_message()

  121. 

  122.       assert {:reject, _} = SimplePolicy.filter(report_message)

  123.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  124.     end

  125. 

  126.     test "match with wildcard domain" do

  127.       clear_config([:mrf_simple, :report_removal], ["*.remote.instance"])

  128.       report_message = build_report_message()

  129.       local_message = build_local_message()

  130. 

  131.       assert {:reject, _} = SimplePolicy.filter(report_message)

  132.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  133.     end

  134.   end

  135. 

  136.   defp build_report_message do

  137.     %{

  138.       "actor" => "https://remote.instance/users/bob",

  139.       "type" => "Flag"

  140.     }

  141.   end

  142. 

  143.   describe "when :federated_timeline_removal" do

  144.     test "is empty" do

  145.       clear_config([:mrf_simple, :federated_timeline_removal], [])

  146.       {_, ftl_message} = build_ftl_actor_and_message()

  147.       local_message = build_local_message()

  148. 

  149.       assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}

  150.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  151.     end

  152. 

  153.     test "has a matching host" do

  154.       {actor, ftl_message} = build_ftl_actor_and_message()

  155. 

  156.       ftl_message_actor_host =

  157.         ftl_message

  158.         |> Map.fetch!("actor")

  159.         |> URI.parse()

  160.         |> Map.fetch!(:host)

  161. 

  162.       clear_config([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])

  163.       local_message = build_local_message()

  164. 

  165.       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)

  166.       assert actor.follower_address in ftl_message["to"]

  167.       refute actor.follower_address in ftl_message["cc"]

  168.       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]

  169.       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]

  170. 

  171.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  172.     end

  173. 

  174.     test "match with wildcard domain" do

  175.       {actor, ftl_message} = build_ftl_actor_and_message()

  176. 

  177.       ftl_message_actor_host =

  178.         ftl_message

  179.         |> Map.fetch!("actor")

  180.         |> URI.parse()

  181.         |> Map.fetch!(:host)

  182. 

  183.       clear_config([:mrf_simple, :federated_timeline_removal], ["*." <> ftl_message_actor_host])

  184.       local_message = build_local_message()

  185. 

  186.       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)

  187.       assert actor.follower_address in ftl_message["to"]

  188.       refute actor.follower_address in ftl_message["cc"]

  189.       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]

  190.       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]

  191. 

  192.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  193.     end

  194. 

  195.     test "has a matching host but only as:Public in to" do

  196.       {_actor, ftl_message} = build_ftl_actor_and_message()

  197. 

  198.       ftl_message_actor_host =

  199.         ftl_message

  200.         |> Map.fetch!("actor")

  201.         |> URI.parse()

  202.         |> Map.fetch!(:host)

  203. 

  204.       ftl_message = Map.put(ftl_message, "cc", [])

  205. 

  206.       clear_config([:mrf_simple, :federated_timeline_removal], [ftl_message_actor_host])

  207. 

  208.       assert {:ok, ftl_message} = SimplePolicy.filter(ftl_message)

  209.       refute "https://www.w3.org/ns/activitystreams#Public" in ftl_message["to"]

  210.       assert "https://www.w3.org/ns/activitystreams#Public" in ftl_message["cc"]

  211.     end

  212.   end

  213. 

  214.   defp build_ftl_actor_and_message do

  215.     actor = insert(:user)

  216. 

  217.     {actor,

  218.      %{

  219.        "actor" => actor.ap_id,

  220.        "to" => ["https://www.w3.org/ns/activitystreams#Public", "http://foo.bar/baz"],

  221.        "cc" => [actor.follower_address, "http://foo.bar/qux"]

  222.      }}

  223.   end

  224. 

  225.   describe "when :reject" do

  226.     test "is empty" do

  227.       clear_config([:mrf_simple, :reject], [])

  228. 

  229.       remote_message = build_remote_message()

  230. 

  231.       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}

  232.     end

  233. 

  234.     test "activity has a matching host" do

  235.       clear_config([:mrf_simple, :reject], ["remote.instance"])

  236. 

  237.       remote_message = build_remote_message()

  238. 

  239.       assert {:reject, _} = SimplePolicy.filter(remote_message)

  240.     end

  241. 

  242.     test "activity matches with wildcard domain" do

  243.       clear_config([:mrf_simple, :reject], ["*.remote.instance"])

  244. 

  245.       remote_message = build_remote_message()

  246. 

  247.       assert {:reject, _} = SimplePolicy.filter(remote_message)

  248.     end

  249. 

  250.     test "actor has a matching host" do

  251.       clear_config([:mrf_simple, :reject], ["remote.instance"])

  252. 

  253.       remote_user = build_remote_user()

  254. 

  255.       assert {:reject, _} = SimplePolicy.filter(remote_user)

  256.     end

  257. 

  258.     test "reject Announce when object would be rejected" do

  259.       clear_config([:mrf_simple, :reject], ["blocked.tld"])

  260. 

  261.       announce = %{

  262.         "type" => "Announce",

  263.         "actor" => "https://okay.tld/users/alice",

  264.         "object" => %{"type" => "Note", "actor" => "https://blocked.tld/users/bob"}

  265.       }

  266. 

  267.       assert {:reject, _} = SimplePolicy.filter(announce)

  268.     end

  269. 

  270.     test "reject by URI object" do

  271.       clear_config([:mrf_simple, :reject], ["blocked.tld"])

  272. 

  273.       announce = %{

  274.         "type" => "Announce",

  275.         "actor" => "https://okay.tld/users/alice",

  276.         "object" => "https://blocked.tld/activities/1"

  277.       }

  278. 

  279.       assert {:reject, _} = SimplePolicy.filter(announce)

  280.     end

  281.   end

  282. 

  283.   describe "when :followers_only" do

  284.     test "is empty" do

  285.       clear_config([:mrf_simple, :followers_only], [])

  286.       {_, ftl_message} = build_ftl_actor_and_message()

  287.       local_message = build_local_message()

  288. 

  289.       assert SimplePolicy.filter(ftl_message) == {:ok, ftl_message}

  290.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  291.     end

  292. 

  293.     test "has a matching host" do

  294.       actor = insert(:user)

  295.       following_user = insert(:user)

  296.       non_following_user = insert(:user)

  297. 

  298.       {:ok, _, _, _} = CommonAPI.follow(following_user, actor)

  299. 

  300.       activity = %{

  301.         "actor" => actor.ap_id,

  302.         "to" => [

  303.           "https://www.w3.org/ns/activitystreams#Public",

  304.           following_user.ap_id,

  305.           non_following_user.ap_id

  306.         ],

  307.         "cc" => [actor.follower_address, "http://foo.bar/qux"]

  308.       }

  309. 

  310.       dm_activity = %{

  311.         "actor" => actor.ap_id,

  312.         "to" => [

  313.           following_user.ap_id,

  314.           non_following_user.ap_id

  315.         ],

  316.         "cc" => []

  317.       }

  318. 

  319.       actor_domain =

  320.         activity

  321.         |> Map.fetch!("actor")

  322.         |> URI.parse()

  323.         |> Map.fetch!(:host)

  324. 

  325.       clear_config([:mrf_simple, :followers_only], [actor_domain])

  326. 

  327.       assert {:ok, new_activity} = SimplePolicy.filter(activity)

  328.       assert actor.follower_address in new_activity["cc"]

  329.       assert following_user.ap_id in new_activity["to"]

  330.       refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["to"]

  331.       refute "https://www.w3.org/ns/activitystreams#Public" in new_activity["cc"]

  332.       refute non_following_user.ap_id in new_activity["to"]

  333.       refute non_following_user.ap_id in new_activity["cc"]

  334. 

  335.       assert {:ok, new_dm_activity} = SimplePolicy.filter(dm_activity)

  336.       assert new_dm_activity["to"] == [following_user.ap_id]

  337.       assert new_dm_activity["cc"] == []

  338.     end

  339.   end

  340. 

  341.   describe "when :accept" do

  342.     test "is empty" do

  343.       clear_config([:mrf_simple, :accept], [])

  344. 

  345.       local_message = build_local_message()

  346.       remote_message = build_remote_message()

  347. 

  348.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  349.       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}

  350.     end

  351. 

  352.     test "is not empty but activity doesn't have a matching host" do

  353.       clear_config([:mrf_simple, :accept], ["non.matching.remote"])

  354. 

  355.       local_message = build_local_message()

  356.       remote_message = build_remote_message()

  357. 

  358.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  359.       assert {:reject, _} = SimplePolicy.filter(remote_message)

  360.     end

  361. 

  362.     test "activity has a matching host" do

  363.       clear_config([:mrf_simple, :accept], ["remote.instance"])

  364. 

  365.       local_message = build_local_message()

  366.       remote_message = build_remote_message()

  367. 

  368.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  369.       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}

  370.     end

  371. 

  372.     test "activity matches with wildcard domain" do

  373.       clear_config([:mrf_simple, :accept], ["*.remote.instance"])

  374. 

  375.       local_message = build_local_message()

  376.       remote_message = build_remote_message()

  377. 

  378.       assert SimplePolicy.filter(local_message) == {:ok, local_message}

  379.       assert SimplePolicy.filter(remote_message) == {:ok, remote_message}

  380.     end

  381. 

  382.     test "actor has a matching host" do

  383.       clear_config([:mrf_simple, :accept], ["remote.instance"])

  384. 

  385.       remote_user = build_remote_user()

  386. 

  387.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}

  388.     end

  389.   end

  390. 

  391.   describe "when :avatar_removal" do

  392.     test "is empty" do

  393.       clear_config([:mrf_simple, :avatar_removal], [])

  394. 

  395.       remote_user = build_remote_user()

  396. 

  397.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}

  398.     end

  399. 

  400.     test "is not empty but it doesn't have a matching host" do

  401.       clear_config([:mrf_simple, :avatar_removal], ["non.matching.remote"])

  402. 

  403.       remote_user = build_remote_user()

  404. 

  405.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}

  406.     end

  407. 

  408.     test "has a matching host" do

  409.       clear_config([:mrf_simple, :avatar_removal], ["remote.instance"])

  410. 

  411.       remote_user = build_remote_user()

  412.       {:ok, filtered} = SimplePolicy.filter(remote_user)

  413. 

  414.       refute filtered["icon"]

  415.     end

  416. 

  417.     test "match with wildcard domain" do

  418.       clear_config([:mrf_simple, :avatar_removal], ["*.remote.instance"])

  419. 

  420.       remote_user = build_remote_user()

  421.       {:ok, filtered} = SimplePolicy.filter(remote_user)

  422. 

  423.       refute filtered["icon"]

  424.     end

  425.   end

  426. 

  427.   describe "when :banner_removal" do

  428.     test "is empty" do

  429.       clear_config([:mrf_simple, :banner_removal], [])

  430. 

  431.       remote_user = build_remote_user()

  432. 

  433.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}

  434.     end

  435. 

  436.     test "is not empty but it doesn't have a matching host" do

  437.       clear_config([:mrf_simple, :banner_removal], ["non.matching.remote"])

  438. 

  439.       remote_user = build_remote_user()

  440. 

  441.       assert SimplePolicy.filter(remote_user) == {:ok, remote_user}

  442.     end

  443. 

  444.     test "has a matching host" do

  445.       clear_config([:mrf_simple, :banner_removal], ["remote.instance"])

  446. 

  447.       remote_user = build_remote_user()

  448.       {:ok, filtered} = SimplePolicy.filter(remote_user)

  449. 

  450.       refute filtered["image"]

  451.     end

  452. 

  453.     test "match with wildcard domain" do

  454.       clear_config([:mrf_simple, :banner_removal], ["*.remote.instance"])

  455. 

  456.       remote_user = build_remote_user()

  457.       {:ok, filtered} = SimplePolicy.filter(remote_user)

  458. 

  459.       refute filtered["image"]

  460.     end

  461.   end

  462. 

  463.   describe "when :reject_deletes is empty" do

  464.     setup do: clear_config([:mrf_simple, :reject_deletes], [])

  465. 

  466.     test "it accepts deletions even from rejected servers" do

  467.       clear_config([:mrf_simple, :reject], ["remote.instance"])

  468. 

  469.       deletion_message = build_remote_deletion_message()

  470. 

  471.       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}

  472.     end

  473. 

  474.     test "it accepts deletions even from non-whitelisted servers" do

  475.       clear_config([:mrf_simple, :accept], ["non.matching.remote"])

  476. 

  477.       deletion_message = build_remote_deletion_message()

  478. 

  479.       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}

  480.     end

  481.   end

  482. 

  483.   describe "when :reject_deletes is not empty but it doesn't have a matching host" do

  484.     setup do: clear_config([:mrf_simple, :reject_deletes], ["non.matching.remote"])

  485. 

  486.     test "it accepts deletions even from rejected servers" do

  487.       clear_config([:mrf_simple, :reject], ["remote.instance"])

  488. 

  489.       deletion_message = build_remote_deletion_message()

  490. 

  491.       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}

  492.     end

  493. 

  494.     test "it accepts deletions even from non-whitelisted servers" do

  495.       clear_config([:mrf_simple, :accept], ["non.matching.remote"])

  496. 

  497.       deletion_message = build_remote_deletion_message()

  498. 

  499.       assert SimplePolicy.filter(deletion_message) == {:ok, deletion_message}

  500.     end

  501.   end

  502. 

  503.   describe "when :reject_deletes has a matching host" do

  504.     setup do: clear_config([:mrf_simple, :reject_deletes], ["remote.instance"])

  505. 

  506.     test "it rejects the deletion" do

  507.       deletion_message = build_remote_deletion_message()

  508. 

  509.       assert {:reject, _} = SimplePolicy.filter(deletion_message)

  510.     end

  511.   end

  512. 

  513.   describe "when :reject_deletes match with wildcard domain" do

  514.     setup do: clear_config([:mrf_simple, :reject_deletes], ["*.remote.instance"])

  515. 

  516.     test "it rejects the deletion" do

  517.       deletion_message = build_remote_deletion_message()

  518. 

  519.       assert {:reject, _} = SimplePolicy.filter(deletion_message)

  520.     end

  521.   end

  522. 

  523.   defp build_local_message do

  524.     %{

  525.       "actor" => "#{Pleroma.Web.base_url()}/users/alice",

  526.       "to" => [],

  527.       "cc" => []

  528.     }

  529.   end

  530. 

  531.   defp build_remote_message do

  532.     %{"actor" => "https://remote.instance/users/bob"}

  533.   end

  534. 

  535.   defp build_remote_user do

  536.     %{

  537.       "id" => "https://remote.instance/users/bob",

  538.       "icon" => %{

  539.         "url" => "http://example.com/image.jpg",

  540.         "type" => "Image"

  541.       },

  542.       "image" => %{

  543.         "url" => "http://example.com/image.jpg",

  544.         "type" => "Image"

  545.       },

  546.       "type" => "Person"

  547.     }

  548.   end

  549. 

  550.   defp build_remote_deletion_message do

  551.     %{

  552.       "type" => "Delete",

  553.       "actor" => "https://remote.instance/users/bob"

  554.     }

  555.   end

  556. end