""" tests incoming activities""" import json import pathlib from unittest.mock import patch from django.http import HttpResponseNotAllowed, HttpResponseNotFound from django.test import TestCase, Client from django.test.client import RequestFactory from bookwyrm import models, views # pylint: disable=too-many-public-methods class Inbox(TestCase): """ readthrough tests """ def setUp(self): """ basic user and book data """ self.client = Client() self.factory = RequestFactory() local_user = models.User.objects.create_user( "mouse@example.com", "mouse@mouse.com", "mouseword", local=True, localname="mouse", ) local_user.remote_id = "https://example.com/user/mouse" local_user.save(broadcast=False) with patch("bookwyrm.models.user.set_remote_server.delay"): self.remote_user = models.User.objects.create_user( "rat", "rat@rat.com", "ratword", local=False, remote_id="https://example.com/users/rat", inbox="https://example.com/users/rat/inbox", outbox="https://example.com/users/rat/outbox", ) self.create_json = { "id": "hi", "type": "Create", "actor": "hi", "to": ["https://www.w3.org/ns/activitystreams#public"], "cc": ["https://example.com/user/mouse/followers"], "object": {}, } models.SiteSettings.objects.create() def test_inbox_invalid_get(self): """ shouldn't try to handle if the user is not found """ result = self.client.get("/inbox", content_type="application/json") self.assertIsInstance(result, HttpResponseNotAllowed) def test_inbox_invalid_user(self): """ shouldn't try to handle if the user is not found """ result = self.client.post( "/user/bleh/inbox", '{"type": "Test", "object": "exists"}', content_type="application/json", ) self.assertIsInstance(result, HttpResponseNotFound) def test_inbox_invalid_bad_signature(self): """ bad request for invalid signature """ with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid: mock_valid.return_value = False result = self.client.post( "/user/mouse/inbox", '{"type": "Announce", "object": "exists"}', content_type="application/json", ) self.assertEqual(result.status_code, 401) def test_inbox_invalid_bad_signature_delete(self): """ invalid signature for Delete is okay though """ with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid: mock_valid.return_value = False result = self.client.post( "/user/mouse/inbox", '{"type": "Delete", "object": "exists"}', content_type="application/json", ) self.assertEqual(result.status_code, 200) def test_inbox_unknown_type(self): """ never heard of that activity type, don't have a handler for it """ with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid: result = self.client.post( "/inbox", '{"type": "Fish", "object": "exists"}', content_type="application/json", ) mock_valid.return_value = True self.assertIsInstance(result, HttpResponseNotFound) def test_inbox_success(self): """ a known type, for which we start a task """ activity = self.create_json activity["object"] = { "id": "https://example.com/list/22", "type": "BookList", "totalItems": 1, "first": "https://example.com/list/22?page=1", "last": "https://example.com/list/22?page=1", "name": "Test List", "owner": "https://example.com/user/mouse", "to": ["https://www.w3.org/ns/activitystreams#Public"], "cc": ["https://example.com/user/mouse/followers"], "summary": "summary text", "curation": "curated", "@context": "https://www.w3.org/ns/activitystreams", } with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid: mock_valid.return_value = True with patch("bookwyrm.views.inbox.activity_task.delay"): result = self.client.post( "/inbox", json.dumps(activity), content_type="application/json" ) self.assertEqual(result.status_code, 200) def test_is_blocked_user_agent(self): """ check for blocked servers """ request = self.factory.post( "", HTTP_USER_AGENT="http.rb/4.4.1 (Mastodon/3.3.0; +https://mastodon.social/)", ) self.assertFalse(views.inbox.is_blocked_user_agent(request)) models.FederatedServer.objects.create( server_name="mastodon.social", status="blocked" ) self.assertTrue(views.inbox.is_blocked_user_agent(request)) def test_is_blocked_activity(self): """ check for blocked servers """ activity = {"actor": "https://mastodon.social/user/whaatever/else"} self.assertFalse(views.inbox.is_blocked_activity(activity)) models.FederatedServer.objects.create( server_name="mastodon.social", status="blocked" ) self.assertTrue(views.inbox.is_blocked_activity(activity)) def test_create_by_deactivated_user(self): """ don't let deactivated users post """ self.remote_user.delete(broadcast=False) self.assertTrue(self.remote_user.deleted) datafile = pathlib.Path(__file__).parent.joinpath("../../data/ap_note.json") status_data = json.loads(datafile.read_bytes()) activity = self.create_json activity["actor"] = self.remote_user.remote_id activity["object"] = status_data with patch("bookwyrm.views.inbox.has_valid_signature") as mock_valid: mock_valid.return_value = True result = self.client.post( "/inbox", json.dumps(activity), content_type="application/json" ) self.assertEqual(result.status_code, 403)