2021-04-08 18:18:32 +00:00
|
|
|
""" tests incoming activities"""
|
|
|
|
import json
|
2021-04-18 00:55:22 +00:00
|
|
|
import pathlib
|
2021-04-08 18:18:32 +00:00
|
|
|
from unittest.mock import patch
|
|
|
|
|
2021-09-28 00:27:17 +00:00
|
|
|
from django.core.exceptions import PermissionDenied
|
2021-04-08 18:18:32 +00:00
|
|
|
from django.http import HttpResponseNotAllowed, HttpResponseNotFound
|
|
|
|
from django.test import TestCase, Client
|
2021-04-10 16:26:01 +00:00
|
|
|
from django.test.client import RequestFactory
|
2021-04-08 18:18:32 +00:00
|
|
|
|
2021-04-10 18:18:22 +00:00
|
|
|
from bookwyrm import models, views
|
2021-04-08 18:18:32 +00:00
|
|
|
|
|
|
|
|
|
|
|
# pylint: disable=too-many-public-methods
|
|
|
|
class Inbox(TestCase):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""readthrough tests"""
|
2021-04-08 18:18:32 +00:00
|
|
|
|
|
|
|
def setUp(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""basic user and book data"""
|
2021-04-08 18:18:32 +00:00
|
|
|
self.client = Client()
|
2021-04-10 16:26:01 +00:00
|
|
|
self.factory = RequestFactory()
|
2021-05-26 21:57:29 +00:00
|
|
|
|
2021-09-06 21:48:45 +00:00
|
|
|
with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch(
|
|
|
|
"bookwyrm.activitystreams.populate_stream_task.delay"
|
2021-12-09 23:02:53 +00:00
|
|
|
), patch("bookwyrm.lists_stream.populate_lists_task.delay"):
|
2021-08-03 20:27:32 +00:00
|
|
|
local_user = models.User.objects.create_user(
|
|
|
|
"mouse@example.com",
|
|
|
|
"mouse@mouse.com",
|
|
|
|
"mouseword",
|
|
|
|
local=True,
|
|
|
|
localname="mouse",
|
|
|
|
)
|
2021-08-02 23:05:40 +00:00
|
|
|
local_user.remote_id = "https://example.com/user/mouse"
|
2021-08-03 22:00:02 +00:00
|
|
|
local_user.save(broadcast=False, update_fields=["remote_id"])
|
2021-08-02 23:05:40 +00:00
|
|
|
with patch("bookwyrm.models.user.set_remote_server.delay"):
|
|
|
|
self.remote_user = models.User.objects.create_user(
|
|
|
|
"rat",
|
|
|
|
"rat@rat.com",
|
|
|
|
"ratword",
|
|
|
|
local=False,
|
|
|
|
remote_id="https://example.com/users/rat",
|
|
|
|
inbox="https://example.com/users/rat/inbox",
|
|
|
|
outbox="https://example.com/users/rat/outbox",
|
2021-05-26 21:57:29 +00:00
|
|
|
)
|
2021-04-08 18:18:32 +00:00
|
|
|
self.create_json = {
|
|
|
|
"id": "hi",
|
|
|
|
"type": "Create",
|
|
|
|
"actor": "hi",
|
|
|
|
"to": ["https://www.w3.org/ns/activitystreams#public"],
|
|
|
|
"cc": ["https://example.com/user/mouse/followers"],
|
|
|
|
"object": {},
|
|
|
|
}
|
2021-08-02 23:05:40 +00:00
|
|
|
models.SiteSettings.objects.create()
|
2021-04-08 18:18:32 +00:00
|
|
|
|
|
|
|
def test_inbox_invalid_get(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""shouldn't try to handle if the user is not found"""
|
2021-04-08 18:18:32 +00:00
|
|
|
result = self.client.get("/inbox", content_type="application/json")
|
|
|
|
self.assertIsInstance(result, HttpResponseNotAllowed)
|
|
|
|
|
|
|
|
def test_inbox_invalid_user(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""shouldn't try to handle if the user is not found"""
|
2021-04-08 18:18:32 +00:00
|
|
|
result = self.client.post(
|
|
|
|
"/user/bleh/inbox",
|
|
|
|
'{"type": "Test", "object": "exists"}',
|
|
|
|
content_type="application/json",
|
|
|
|
)
|
|
|
|
self.assertIsInstance(result, HttpResponseNotFound)
|
|
|
|
|
|
|
|
def test_inbox_invalid_bad_signature(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""bad request for invalid signature"""
|
2021-04-08 18:18:32 +00:00
|
|
|
with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:
|
|
|
|
mock_valid.return_value = False
|
|
|
|
result = self.client.post(
|
|
|
|
"/user/mouse/inbox",
|
|
|
|
'{"type": "Announce", "object": "exists"}',
|
|
|
|
content_type="application/json",
|
|
|
|
)
|
|
|
|
self.assertEqual(result.status_code, 401)
|
|
|
|
|
|
|
|
def test_inbox_invalid_bad_signature_delete(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""invalid signature for Delete is okay though"""
|
2021-04-08 18:18:32 +00:00
|
|
|
with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:
|
|
|
|
mock_valid.return_value = False
|
|
|
|
result = self.client.post(
|
|
|
|
"/user/mouse/inbox",
|
|
|
|
'{"type": "Delete", "object": "exists"}',
|
|
|
|
content_type="application/json",
|
|
|
|
)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
|
|
|
|
|
|
|
def test_inbox_unknown_type(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""never heard of that activity type, don't have a handler for it"""
|
2021-04-08 18:18:32 +00:00
|
|
|
with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:
|
|
|
|
result = self.client.post(
|
|
|
|
"/inbox",
|
|
|
|
'{"type": "Fish", "object": "exists"}',
|
|
|
|
content_type="application/json",
|
|
|
|
)
|
|
|
|
mock_valid.return_value = True
|
|
|
|
self.assertIsInstance(result, HttpResponseNotFound)
|
|
|
|
|
|
|
|
def test_inbox_success(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""a known type, for which we start a task"""
|
2021-04-08 18:18:32 +00:00
|
|
|
activity = self.create_json
|
|
|
|
activity["object"] = {
|
|
|
|
"id": "https://example.com/list/22",
|
|
|
|
"type": "BookList",
|
|
|
|
"totalItems": 1,
|
|
|
|
"first": "https://example.com/list/22?page=1",
|
|
|
|
"last": "https://example.com/list/22?page=1",
|
|
|
|
"name": "Test List",
|
|
|
|
"owner": "https://example.com/user/mouse",
|
|
|
|
"to": ["https://www.w3.org/ns/activitystreams#Public"],
|
|
|
|
"cc": ["https://example.com/user/mouse/followers"],
|
|
|
|
"summary": "summary text",
|
|
|
|
"curation": "curated",
|
|
|
|
"@context": "https://www.w3.org/ns/activitystreams",
|
|
|
|
}
|
|
|
|
with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid:
|
|
|
|
mock_valid.return_value = True
|
|
|
|
|
|
|
|
with patch("bookwyrm.views.inbox.activity_task.delay"):
|
|
|
|
result = self.client.post(
|
|
|
|
"/inbox", json.dumps(activity), content_type="application/json"
|
|
|
|
)
|
|
|
|
self.assertEqual(result.status_code, 200)
|
2021-04-10 16:26:01 +00:00
|
|
|
|
|
|
|
def test_is_blocked_user_agent(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""check for blocked servers"""
|
2021-04-10 16:26:01 +00:00
|
|
|
request = self.factory.post(
|
|
|
|
"",
|
|
|
|
HTTP_USER_AGENT="http.rb/4.4.1 (Mastodon/3.3.0; +https://mastodon.social/)",
|
|
|
|
)
|
2021-09-28 00:27:17 +00:00
|
|
|
self.assertIsNone(views.inbox.raise_is_blocked_user_agent(request))
|
2021-04-10 16:26:01 +00:00
|
|
|
|
|
|
|
models.FederatedServer.objects.create(
|
|
|
|
server_name="mastodon.social", status="blocked"
|
|
|
|
)
|
2021-09-28 00:27:17 +00:00
|
|
|
with self.assertRaises(PermissionDenied):
|
|
|
|
views.inbox.raise_is_blocked_user_agent(request)
|
2021-04-10 16:26:01 +00:00
|
|
|
|
|
|
|
def test_is_blocked_activity(self):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""check for blocked servers"""
|
2021-04-10 16:26:01 +00:00
|
|
|
activity = {"actor": "https://mastodon.social/user/whaatever/else"}
|
2021-09-28 00:27:17 +00:00
|
|
|
self.assertIsNone(views.inbox.raise_is_blocked_activity(activity))
|
2021-04-10 16:26:01 +00:00
|
|
|
|
|
|
|
models.FederatedServer.objects.create(
|
|
|
|
server_name="mastodon.social", status="blocked"
|
|
|
|
)
|
2021-09-28 00:27:17 +00:00
|
|
|
with self.assertRaises(PermissionDenied):
|
|
|
|
views.inbox.raise_is_blocked_activity(activity)
|
2021-04-18 00:55:22 +00:00
|
|
|
|
2021-08-03 22:00:02 +00:00
|
|
|
@patch("bookwyrm.suggested_users.remove_user_task.delay")
|
|
|
|
def test_create_by_deactivated_user(self, _):
|
2021-04-26 16:15:42 +00:00
|
|
|
"""don't let deactivated users post"""
|
2021-04-18 00:55:22 +00:00
|
|
|
self.remote_user.delete(broadcast=False)
|
|
|
|
self.assertTrue(self.remote_user.deleted)
|
|
|
|
datafile = pathlib.Path(__file__).parent.joinpath("../../data/ap_note.json")
|
|
|
|
status_data = json.loads(datafile.read_bytes())
|
|
|
|
activity = self.create_json
|
|
|
|
activity["actor"] = self.remote_user.remote_id
|
|
|
|
activity["object"] = status_data
|
2021-09-28 00:27:17 +00:00
|
|
|
activity["type"] = "Create"
|
2021-04-18 00:55:22 +00:00
|
|
|
|
2021-09-28 00:27:17 +00:00
|
|
|
response = self.client.post(
|
|
|
|
"/inbox",
|
|
|
|
json.dumps(activity),
|
|
|
|
content_type="application/json",
|
|
|
|
)
|
|
|
|
self.assertEqual(response.status_code, 403)
|