bookwyrm/bookwyrm/tests/views/inbox/test_inbox.py

""" tests incoming activities"""
import json
import pathlib
from unittest.mock import patch

from django.core.exceptions import PermissionDenied
from django.http import HttpResponseNotAllowed, HttpResponseNotFound
from django.test import TestCase, Client
from django.test.client import RequestFactory

from bookwyrm import models, views


# pylint: disable=too-many-public-methods
class Inbox(TestCase):
    """readthrough tests"""

    def setUp(self):
        """individual test setup"""
        self.client = Client()
        self.factory = RequestFactory()
        self.create_json = {
            "id": "hi",
            "type": "Create",
            "actor": "hi",
            "to": ["https://www.w3.org/ns/activitystreams#public"],
            "cc": ["https://example.com/user/mouse/followers"],
            "object": {},
        }

    @classmethod
    def setUpTestData(cls):
        """basic user and book data"""
        with (
            patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"),
            patch("bookwyrm.activitystreams.populate_stream_task.delay"),
            patch("bookwyrm.lists_stream.populate_lists_task.delay"),
        ):
            local_user = models.User.objects.create_user(
                "mouse@example.com",
                "mouse@mouse.com",
                "mouseword",
                local=True,
                localname="mouse",
            )
        local_user.remote_id = "https://example.com/user/mouse"
        local_user.save(broadcast=False, update_fields=["remote_id"])
        with patch("bookwyrm.models.user.set_remote_server.delay"):
            cls.remote_user = models.User.objects.create_user(
                "rat",
                "rat@rat.com",
                "ratword",
                local=False,
                remote_id="https://example.com/users/rat",
                inbox="https://example.com/users/rat/inbox",
                outbox="https://example.com/users/rat/outbox",
            )
        models.SiteSettings.objects.create()

    def test_inbox_invalid_get(self):
        """shouldn't try to handle if the user is not found"""
        result = self.client.get("/inbox", content_type="application/json")
        self.assertIsInstance(result, HttpResponseNotAllowed)

    def test_inbox_invalid_user(self):
        """shouldn't try to handle if the user is not found"""
        result = self.client.post(
            "/user/bleh/inbox",
            '{"type": "Test", "object": "exists"}',
            content_type="application/json",
        )
        self.assertIsInstance(result, HttpResponseNotFound)

    def test_inbox_invalid_bad_signature(self):
        """bad request for invalid signature"""
        with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:
            mock_valid.return_value = False
            result = self.client.post(
                "/user/mouse/inbox",
                '{"type": "Announce", "object": "exists"}',
                content_type="application/json",
            )
            self.assertEqual(result.status_code, 401)

    def test_inbox_invalid_bad_signature_delete(self):
        """invalid signature for Delete is okay though"""
        with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:
            mock_valid.return_value = False
            result = self.client.post(
                "/user/mouse/inbox",
                '{"type": "Delete", "object": "exists"}',
                content_type="application/json",
            )
            self.assertEqual(result.status_code, 200)

    def test_inbox_unknown_type(self):
        """never heard of that activity type, don't have a handler for it"""
        with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:
            result = self.client.post(
                "/inbox",
                '{"type": "Fish", "object": "exists"}',
                content_type="application/json",
            )
            mock_valid.return_value = True
            self.assertIsInstance(result, HttpResponseNotFound)

    def test_inbox_success(self):
        """a known type, for which we start a task"""
        activity = self.create_json
        activity["object"] = {
            "id": "https://example.com/list/22",
            "type": "BookList",
            "totalItems": 1,
            "first": "https://example.com/list/22?page=1",
            "last": "https://example.com/list/22?page=1",
            "name": "Test List",
            "owner": "https://example.com/user/mouse",
            "to": ["https://www.w3.org/ns/activitystreams#Public"],
            "cc": ["https://example.com/user/mouse/followers"],
            "summary": "summary text",
            "curation": "curated",
            "@context": "https://www.w3.org/ns/activitystreams",
        }
        with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:
            mock_valid.return_value = True

            with patch("bookwyrm.views.inbox.activity_task.apply_async"):
                result = self.client.post(
                    "/inbox", json.dumps(activity), content_type="application/json"
                )
        self.assertEqual(result.status_code, 200)

    def test_is_blocked_user_agent(self):
        """check for blocked servers"""
        request = self.factory.post(
            "",
            headers={
                # pylint: disable-next=line-too-long
                "user-agent": "http.rb/4.4.1 (Mastodon/3.3.0; +https://mastodon.social/)",
            },
        )
        self.assertIsNone(views.inbox.raise_is_blocked_user_agent(request))

        models.FederatedServer.objects.create(
            server_name="mastodon.social", status="blocked"
        )
        with self.assertRaises(PermissionDenied):
            views.inbox.raise_is_blocked_user_agent(request)

    def test_is_blocked_activity(self):
        """check for blocked servers"""
        activity = {"actor": "https://mastodon.social/user/whaatever/else"}
        self.assertIsNone(views.inbox.raise_is_blocked_activity(activity))

        models.FederatedServer.objects.create(
            server_name="mastodon.social", status="blocked"
        )
        with self.assertRaises(PermissionDenied):
            views.inbox.raise_is_blocked_activity(activity)

    @patch("bookwyrm.suggested_users.remove_user_task.delay")
    def test_create_by_deactivated_user(self, _):
        """don't let deactivated users post"""
        self.remote_user.delete(broadcast=False)
        self.assertTrue(self.remote_user.deleted)
        datafile = pathlib.Path(__file__).parent.joinpath("../../data/ap_note.json")
        status_data = json.loads(datafile.read_bytes())
        activity = self.create_json
        activity["actor"] = self.remote_user.remote_id
        activity["object"] = status_data
        activity["type"] = "Create"

        response = self.client.post(
            "/inbox",
            json.dumps(activity),
            content_type="application/json",
        )
        self.assertEqual(response.status_code, 403)
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`""" tests incoming activities"""`
			`import json`
Reject statuses from deactivated remote users 2021-04-18 00:55:22 +00:00			`import pathlib`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`from unittest.mock import patch`

Updates inbox view 2021-09-28 00:27:17 +00:00			`from django.core.exceptions import PermissionDenied`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`from django.http import HttpResponseNotAllowed, HttpResponseNotFound`
			`from django.test import TestCase, Client`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00			`from django.test.client import RequestFactory`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00
fixes inbox tests 2021-04-10 18:18:22 +00:00			`from bookwyrm import models, views`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00

			`# pylint: disable=too-many-public-methods`
			`class Inbox(TestCase):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""readthrough tests"""`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00
			`def setUp(self):`
Use setUpTestData() to speed up tests Pylint's `bad-classmethod-argument` is disabled for each definition to avoid rewriting the method bodies just to rename `self` → `cls`. This can be done gradually, as the setUpTestData methods are modified along the way. 2023-11-30 05:56:16 +00:00			`"""individual test setup"""`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`self.client = Client()`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00			`self.factory = RequestFactory()`
Use setUpTestData() to speed up tests Pylint's `bad-classmethod-argument` is disabled for each definition to avoid rewriting the method bodies just to rename `self` → `cls`. This can be done gradually, as the setUpTestData methods are modified along the way. 2023-11-30 05:56:16 +00:00			`self.create_json = {`
			`"id": "hi",`
			`"type": "Create",`
			`"actor": "hi",`
			`"to": ["https://www.w3.org/ns/activitystreams#public"],`
			`"cc": ["https://example.com/user/mouse/followers"],`
			`"object": {},`
			`}`
Tests 2021-05-26 21:57:29 +00:00
Use setUpTestData() to speed up tests Pylint's `bad-classmethod-argument` is disabled for each definition to avoid rewriting the method bodies just to rename `self` → `cls`. This can be done gradually, as the setUpTestData methods are modified along the way. 2023-11-30 05:56:16 +00:00			`@classmethod`
Fix instances of `bad-classmethod-argument` in recently edited files 2024-03-17 23:52:20 +00:00			`def setUpTestData(cls):`
Use setUpTestData() to speed up tests Pylint's `bad-classmethod-argument` is disabled for each definition to avoid rewriting the method bodies just to rename `self` → `cls`. This can be done gradually, as the setUpTestData methods are modified along the way. 2023-11-30 05:56:16 +00:00			`"""basic user and book data"""`
Bracket-wrap calls to `patch()` for better readability 2024-03-17 22:46:30 +00:00			`with (`
			`patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"),`
			`patch("bookwyrm.activitystreams.populate_stream_task.delay"),`
			`patch("bookwyrm.lists_stream.populate_lists_task.delay"),`
			`):`
Moore moocks 2021-08-03 20:27:32 +00:00			`local_user = models.User.objects.create_user(`
			`"mouse@example.com",`
			`"mouse@mouse.com",`
			`"mouseword",`
			`local=True,`
			`localname="mouse",`
			`)`
Refactors test mocks 2021-08-02 23:05:40 +00:00			`local_user.remote_id = "https://example.com/user/mouse"`
Fixes inbox tests 2021-08-03 22:00:02 +00:00			`local_user.save(broadcast=False, update_fields=["remote_id"])`
Refactors test mocks 2021-08-02 23:05:40 +00:00			`with patch("bookwyrm.models.user.set_remote_server.delay"):`
Fix instances of `bad-classmethod-argument` in recently edited files 2024-03-17 23:52:20 +00:00			`cls.remote_user = models.User.objects.create_user(`
Refactors test mocks 2021-08-02 23:05:40 +00:00			`"rat",`
			`"rat@rat.com",`
			`"ratword",`
			`local=False,`
			`remote_id="https://example.com/users/rat",`
			`inbox="https://example.com/users/rat/inbox",`
			`outbox="https://example.com/users/rat/outbox",`
Tests 2021-05-26 21:57:29 +00:00			`)`
Refactors test mocks 2021-08-02 23:05:40 +00:00			`models.SiteSettings.objects.create()`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00
			`def test_inbox_invalid_get(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""shouldn't try to handle if the user is not found"""`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`result = self.client.get("/inbox", content_type="application/json")`
			`self.assertIsInstance(result, HttpResponseNotAllowed)`

			`def test_inbox_invalid_user(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""shouldn't try to handle if the user is not found"""`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`result = self.client.post(`
			`"/user/bleh/inbox",`
			`'{"type": "Test", "object": "exists"}',`
			`content_type="application/json",`
			`)`
			`self.assertIsInstance(result, HttpResponseNotFound)`

			`def test_inbox_invalid_bad_signature(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""bad request for invalid signature"""`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:`
			`mock_valid.return_value = False`
			`result = self.client.post(`
			`"/user/mouse/inbox",`
			`'{"type": "Announce", "object": "exists"}',`
			`content_type="application/json",`
			`)`
			`self.assertEqual(result.status_code, 401)`

			`def test_inbox_invalid_bad_signature_delete(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""invalid signature for Delete is okay though"""`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:`
			`mock_valid.return_value = False`
			`result = self.client.post(`
			`"/user/mouse/inbox",`
			`'{"type": "Delete", "object": "exists"}',`
			`content_type="application/json",`
			`)`
			`self.assertEqual(result.status_code, 200)`

			`def test_inbox_unknown_type(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""never heard of that activity type, don't have a handler for it"""`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:`
			`result = self.client.post(`
			`"/inbox",`
			`'{"type": "Fish", "object": "exists"}',`
			`content_type="application/json",`
			`)`
			`mock_valid.return_value = True`
			`self.assertIsInstance(result, HttpResponseNotFound)`

			`def test_inbox_success(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""a known type, for which we start a task"""`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`activity = self.create_json`
			`activity["object"] = {`
			`"id": "https://example.com/list/22",`
			`"type": "BookList",`
			`"totalItems": 1,`
			`"first": "https://example.com/list/22?page=1",`
			`"last": "https://example.com/list/22?page=1",`
			`"name": "Test List",`
			`"owner": "https://example.com/user/mouse",`
			`"to": ["https://www.w3.org/ns/activitystreams#Public"],`
			`"cc": ["https://example.com/user/mouse/followers"],`
			`"summary": "summary text",`
			`"curation": "curated",`
			`"@context": "https://www.w3.org/ns/activitystreams",`
			`}`
			`with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:`
			`mock_valid.return_value = True`

Fixes mocks in tests 2023-01-25 17:32:45 +00:00			`with patch("bookwyrm.views.inbox.activity_task.apply_async"):`
Separates inbox tests into multiple files 2021-04-08 18:18:32 +00:00			`result = self.client.post(`
			`"/inbox", json.dumps(activity), content_type="application/json"`
			`)`
			`self.assertEqual(result.status_code, 200)`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00
			`def test_is_blocked_user_agent(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""check for blocked servers"""`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00			`request = self.factory.post(`
			`"",`
Use headers dict instead of HTTP_* kwargs or request.META 2024-04-01 13:28:01 +00:00			`headers={`
			`# pylint: disable-next=line-too-long`
			`"user-agent": "http.rb/4.4.1 (Mastodon/3.3.0; +https://mastodon.social/)",`
			`},`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00			`)`
Updates inbox view 2021-09-28 00:27:17 +00:00			`self.assertIsNone(views.inbox.raise_is_blocked_user_agent(request))`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00
			`models.FederatedServer.objects.create(`
			`server_name="mastodon.social", status="blocked"`
			`)`
Updates inbox view 2021-09-28 00:27:17 +00:00			`with self.assertRaises(PermissionDenied):`
			`views.inbox.raise_is_blocked_user_agent(request)`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00
			`def test_is_blocked_activity(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""check for blocked servers"""`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00			`activity = {"actor": "https://mastodon.social/user/whaatever/else"}`
Updates inbox view 2021-09-28 00:27:17 +00:00			`self.assertIsNone(views.inbox.raise_is_blocked_activity(activity))`
Merge branch 'main' into domain-block 2021-04-10 16:26:01 +00:00
			`models.FederatedServer.objects.create(`
			`server_name="mastodon.social", status="blocked"`
			`)`
Updates inbox view 2021-09-28 00:27:17 +00:00			`with self.assertRaises(PermissionDenied):`
			`views.inbox.raise_is_blocked_activity(activity)`
Reject statuses from deactivated remote users 2021-04-18 00:55:22 +00:00
Fixes inbox tests 2021-08-03 22:00:02 +00:00			`@patch("bookwyrm.suggested_users.remove_user_task.delay")`
			`def test_create_by_deactivated_user(self, _):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""don't let deactivated users post"""`
Reject statuses from deactivated remote users 2021-04-18 00:55:22 +00:00			`self.remote_user.delete(broadcast=False)`
			`self.assertTrue(self.remote_user.deleted)`
			`datafile = pathlib.Path(__file__).parent.joinpath("../../data/ap_note.json")`
			`status_data = json.loads(datafile.read_bytes())`
			`activity = self.create_json`
			`activity["actor"] = self.remote_user.remote_id`
			`activity["object"] = status_data`
Updates inbox view 2021-09-28 00:27:17 +00:00			`activity["type"] = "Create"`
Reject statuses from deactivated remote users 2021-04-18 00:55:22 +00:00
Updates inbox view 2021-09-28 00:27:17 +00:00			`response = self.client.post(`
			`"/inbox",`
			`json.dumps(activity),`
			`content_type="application/json",`
			`)`
			`self.assertEqual(response.status_code, 403)`