1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.MediaControllerTest do
6 use Pleroma.Web.ConnCase
8 import ExUnit.CaptureLog
12 alias Pleroma.UnstubbedConfigMock, as: ConfigMock
14 alias Pleroma.Web.ActivityPub.ActivityPub
16 describe "Upload media" do
17 setup do: oauth_access(["write:media"])
21 |> stub_with(Pleroma.Test.StaticConfig)
24 content_type: "image/jpeg",
25 path: Path.absname("test/fixtures/image.jpg"),
26 filename: "an_image.jpg"
32 setup do: clear_config([:media_proxy])
33 setup do: clear_config([Pleroma.Upload])
35 test "/api/v1/media", %{conn: conn, image: image} do
36 desc = "Description of the image"
40 |> put_req_header("content-type", "multipart/form-data")
41 |> post("/api/v1/media", %{"file" => image, "description" => desc})
42 |> json_response_and_validate_schema(:ok)
44 assert media["type"] == "image"
45 assert media["description"] == desc
48 object = Object.get_by_id(media["id"])
49 assert object.data["actor"] == User.ap_id(conn.assigns[:user])
52 test "/api/v2/media", %{conn: conn, user: user, image: image} do
53 desc = "Description of the image"
57 |> put_req_header("content-type", "multipart/form-data")
58 |> post("/api/v2/media", %{"file" => image, "description" => desc})
59 |> json_response_and_validate_schema(202)
61 assert media_id = response["id"]
63 %{conn: conn} = oauth_access(["read:media"], user: user)
67 |> get("/api/v1/media/#{media_id}")
68 |> json_response_and_validate_schema(200)
70 assert media["type"] == "image"
71 assert media["description"] == desc
74 object = Object.get_by_id(media["id"])
75 assert object.data["actor"] == user.ap_id
78 test "/api/v2/media, upload_limit", %{conn: conn, user: user} do
79 desc = "Description of the binary"
81 upload_limit = Config.get([:instance, :upload_limit]) * 8 + 8
84 File.write(Path.absname("test/tmp/large_binary.data"), <<0::size(upload_limit)>>)
86 large_binary = %Plug.Upload{
88 path: Path.absname("test/tmp/large_binary.data"),
89 filename: "large_binary.data"
92 assert capture_log(fn ->
93 assert %{"error" => "file_too_large"} =
95 |> put_req_header("content-type", "multipart/form-data")
96 |> post("/api/v2/media", %{
97 "file" => large_binary,
100 |> json_response_and_validate_schema(400)
102 "[error] Elixir.Pleroma.Upload store (using Pleroma.Uploaders.Local) failed: :file_too_large"
104 clear_config([:instance, :upload_limit], upload_limit)
108 |> put_req_header("content-type", "multipart/form-data")
109 |> post("/api/v2/media", %{
110 "file" => large_binary,
111 "description" => desc
113 |> json_response_and_validate_schema(202)
115 assert media_id = response["id"]
117 %{conn: conn} = oauth_access(["read:media"], user: user)
121 |> get("/api/v1/media/#{media_id}")
122 |> json_response_and_validate_schema(200)
124 assert media["type"] == "unknown"
125 assert media["description"] == desc
128 assert :ok == File.rm(Path.absname("test/tmp/large_binary.data"))
131 test "Do not allow nested filename", %{conn: conn, image: image} do
132 image = %Plug.Upload{
134 | filename: "../../../../../nested/file.jpg"
137 desc = "Description of the image"
141 |> put_req_header("content-type", "multipart/form-data")
142 |> post("/api/v1/media", %{"file" => image, "description" => desc})
143 |> json_response_and_validate_schema(:ok)
145 refute Regex.match?(~r"/nested/", media["url"])
149 describe "Update media description" do
150 setup do: oauth_access(["write:media"])
152 setup %{user: actor} do
154 |> stub_with(Pleroma.Test.StaticConfig)
157 content_type: "image/jpeg",
158 path: Path.absname("test/fixtures/image.jpg"),
159 filename: "an_image.jpg"
162 {:ok, %Object{} = object} =
165 actor: User.ap_id(actor),
166 description: "test-m"
172 test "/api/v1/media/:id good request", %{conn: conn, object: object} do
175 |> put_req_header("content-type", "multipart/form-data")
176 |> put("/api/v1/media/#{object.id}", %{"description" => "test-media"})
177 |> json_response_and_validate_schema(:ok)
179 assert media["description"] == "test-media"
180 assert refresh_record(object).data["name"] == "test-media"
184 describe "Get media by id (/api/v1/media/:id)" do
185 setup do: oauth_access(["read:media"])
187 setup %{user: actor} do
189 |> stub_with(Pleroma.Test.StaticConfig)
192 content_type: "image/jpeg",
193 path: Path.absname("test/fixtures/image.jpg"),
194 filename: "an_image.jpg"
197 {:ok, %Object{} = object} =
200 actor: User.ap_id(actor),
201 description: "test-media"
207 test "it returns media object when requested by owner", %{conn: conn, object: object} do
210 |> get("/api/v1/media/#{object.id}")
211 |> json_response_and_validate_schema(:ok)
213 assert media["description"] == "test-media"
214 assert media["type"] == "image"
218 test "it returns 403 if media object requested by non-owner", %{object: object, user: user} do
219 %{conn: conn, user: other_user} = oauth_access(["read:media"])
221 assert object.data["actor"] == user.ap_id
222 refute user.id == other_user.id
225 |> get("/api/v1/media/#{object.id}")
226 |> json_response_and_validate_schema(403)