diff --git a/lib/pleroma/web/static_fe/static_fe_controller.ex b/lib/pleroma/web/static_fe/static_fe_controller.ex index 66d2d0367c..5e60c82b00 100644 --- a/lib/pleroma/web/static_fe/static_fe_controller.ex +++ b/lib/pleroma/web/static_fe/static_fe_controller.ex @@ -9,6 +9,7 @@ defmodule Pleroma.Web.StaticFE.StaticFEController do alias Pleroma.Object alias Pleroma.User alias Pleroma.Web.ActivityPub.ActivityPub + alias Pleroma.Web.ActivityPub.Visibility alias Pleroma.Web.Metadata alias Pleroma.Web.Router.Helpers @@ -62,19 +63,20 @@ def represent(%Activity{object: %Object{data: data}} = activity, selected) do end def show(%{assigns: %{notice_id: notice_id}} = conn, _params) do - case Activity.get_by_id_with_object(notice_id) do - %Activity{local: true} = activity -> - %User{} = user = User.get_by_ap_id(activity.object.data["actor"]) - meta = Metadata.build_tags(%{activity_id: notice_id, object: activity.object, user: user}) + with %Activity{local: true} = activity <- + Activity.get_by_id_with_object(notice_id), + true <- Visibility.is_public?(activity.object), + %User{} = user <- User.get_by_ap_id(activity.object.data["actor"]) do + meta = Metadata.build_tags(%{activity_id: notice_id, object: activity.object, user: user}) - timeline = - activity.object.data["context"] - |> ActivityPub.fetch_activities_for_context(%{}) - |> Enum.reverse() - |> Enum.map(&represent(&1, &1.object.id == activity.object.id)) - - render(conn, "conversation.html", %{activities: timeline, meta: meta}) + timeline = + activity.object.data["context"] + |> ActivityPub.fetch_activities_for_context(%{}) + |> Enum.reverse() + |> Enum.map(&represent(&1, &1.object.id == activity.object.id)) + render(conn, "conversation.html", %{activities: timeline, meta: meta}) + else _ -> conn |> put_status(404) diff --git a/test/web/static_fe/static_fe_controller_test.exs b/test/web/static_fe/static_fe_controller_test.exs index 9099540bd2..e4bb78b017 100644 --- a/test/web/static_fe/static_fe_controller_test.exs +++ b/test/web/static_fe/static_fe_controller_test.exs @@ -1,6 +1,8 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do use Pleroma.Web.ConnCase alias Pleroma.Web.CommonAPI + alias Pleroma.Web.ActivityPub.Transmogrifier + import Pleroma.Factory clear_config_all([:static_fe, :enabled]) do @@ -10,36 +12,60 @@ defmodule Pleroma.Web.StaticFE.StaticFEControllerTest do describe "user profile page" do test "just the profile as HTML", %{conn: conn} do user = insert(:user) - conn = conn - |> put_req_header("accept", "text/html") - |> get("/users/#{user.nickname}") + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/users/#{user.nickname}") assert html_response(conn, 200) =~ user.nickname end test "renders json unless there's an html accept header", %{conn: conn} do user = insert(:user) - conn = conn - |> put_req_header("accept", "application/json") - |> get("/users/#{user.nickname}") + + conn = + conn + |> put_req_header("accept", "application/json") + |> get("/users/#{user.nickname}") assert json_response(conn, 200) end test "404 when user not found", %{conn: conn} do - conn = conn - |> put_req_header("accept", "text/html") - |> get("/users/limpopo") + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/users/limpopo") assert html_response(conn, 404) =~ "not found" end + test "profile does not include private messages", %{conn: conn} do + user = insert(:user) + CommonAPI.post(user, %{"status" => "public"}) + CommonAPI.post(user, %{"status" => "private", "visibility" => "private"}) + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/users/#{user.nickname}") + + html = html_response(conn, 200) + + assert html =~ ">public<" + refute html =~ ">private<" + end + test "pagination", %{conn: conn} do user = insert(:user) Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end) - conn = conn - |> put_req_header("accept", "text/html") - |> get("/users/#{user.nickname}") + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/users/#{user.nickname}") + html = html_response(conn, 200) assert html =~ ">test30<" @@ -50,12 +76,14 @@ test "pagination", %{conn: conn} do test "pagination, page 2", %{conn: conn} do user = insert(:user) - activities = - Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end) + activities = Enum.map(1..30, fn i -> CommonAPI.post(user, %{"status" => "test#{i}"}) end) {:ok, a11} = Enum.at(activities, 11) - conn = conn - |> put_req_header("accept", "text/html") - |> get("/users/#{user.nickname}?max_id=#{a11.id}") + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/users/#{user.nickname}?max_id=#{a11.id}") + html = html_response(conn, 200) assert html =~ ">test1<" @@ -70,9 +98,10 @@ test "single notice page", %{conn: conn} do user = insert(:user) {:ok, activity} = CommonAPI.post(user, %{"status" => "testing a thing!"}) - conn = conn - |> put_req_header("accept", "text/html") - |> get("/notice/#{activity.id}") + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/notice/#{activity.id}") html = html_response(conn, 200) assert html =~ "
" @@ -80,10 +109,71 @@ test "single notice page", %{conn: conn} do assert html =~ "testing a thing!" end + test "shows the whole thread", %{conn: conn} do + user = insert(:user) + {:ok, activity} = CommonAPI.post(user, %{"status" => "space: the final frontier"}) + + CommonAPI.post(user, %{ + "status" => "these are the voyages or something", + "in_reply_to_status_id" => activity.id + }) + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/notice/#{activity.id}") + + html = html_response(conn, 200) + assert html =~ "the final frontier" + assert html =~ "voyages" + end + test "404 when notice not found", %{conn: conn} do - conn = conn - |> put_req_header("accept", "text/html") - |> get("/notice/88c9c317") + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/notice/88c9c317") + + assert html_response(conn, 404) =~ "not found" + end + + test "404 for private status", %{conn: conn} do + user = insert(:user) + + {:ok, activity} = + CommonAPI.post(user, %{"status" => "don't show me!", "visibility" => "private"}) + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/notice/#{activity.id}") + + assert html_response(conn, 404) =~ "not found" + end + + test "404 for remote cached status", %{conn: conn} do + user = insert(:user) + + message = %{ + "@context" => "https://www.w3.org/ns/activitystreams", + "to" => user.follower_address, + "cc" => "https://www.w3.org/ns/activitystreams#Public", + "type" => "Create", + "object" => %{ + "content" => "blah blah blah", + "type" => "Note", + "attributedTo" => user.ap_id, + "inReplyTo" => nil + }, + "actor" => user.ap_id + } + + assert {:ok, activity} = Transmogrifier.handle_incoming(message) + + conn = + conn + |> put_req_header("accept", "text/html") + |> get("/notice/#{activity.id}") assert html_response(conn, 404) =~ "not found" end