2022-11-27 15:03:10 +00:00
|
|
|
"""Unit tests for follow.py.
|
|
|
|
|
"""
|
2023-01-10 03:01:48 +00:00
|
|
|
import copy
|
2022-11-27 15:03:10 +00:00
|
|
|
from unittest.mock import patch
|
|
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
from flask import get_flashed_messages, session
|
2023-01-07 17:34:55 +00:00
|
|
|
from granary import as2
|
|
|
|
|
from oauth_dropins import indieauth
|
|
|
|
|
from oauth_dropins.webutil import util
|
2022-11-27 15:03:10 +00:00
|
|
|
from oauth_dropins.webutil.testutil import requests_response
|
2023-01-07 17:34:55 +00:00
|
|
|
from oauth_dropins.webutil.util import json_dumps, json_loads
|
2022-11-27 15:03:10 +00:00
|
|
|
|
2023-04-19 00:17:48 +00:00
|
|
|
from flask_app import app
|
2022-11-27 15:03:10 +00:00
|
|
|
import common
|
2023-02-24 03:17:26 +00:00
|
|
|
from common import redirect_unwrap
|
2023-01-28 23:04:02 +00:00
|
|
|
from models import Follower, Object, User
|
2023-05-27 00:40:29 +00:00
|
|
|
from web import Web
|
2023-05-26 23:07:36 +00:00
|
|
|
|
2022-11-27 15:03:10 +00:00
|
|
|
from . import testutil
|
|
|
|
|
|
|
|
|
|
WEBFINGER = requests_response({
|
|
|
|
|
'subject': 'acct:foo@bar',
|
|
|
|
|
'aliases': [
|
|
|
|
|
'https://bar/foo',
|
|
|
|
|
],
|
|
|
|
|
'links': [{
|
|
|
|
|
'rel': 'http://ostatus.org/schema/1.0/subscribe',
|
|
|
|
|
'template': 'https://bar/follow?uri={uri}'
|
2023-01-07 17:34:55 +00:00
|
|
|
}, {
|
|
|
|
|
'rel': 'self',
|
|
|
|
|
'type': as2.CONTENT_TYPE,
|
|
|
|
|
'href': 'https://bar/actor'
|
2022-11-27 15:03:10 +00:00
|
|
|
}],
|
|
|
|
|
})
|
2023-01-10 03:01:48 +00:00
|
|
|
FOLLOWEE = {
|
|
|
|
|
'type': 'Person',
|
|
|
|
|
'id': 'https://bar/id',
|
|
|
|
|
'url': 'https://bar/url',
|
|
|
|
|
'inbox': 'http://bar/inbox',
|
|
|
|
|
}
|
|
|
|
|
FOLLOW_ADDRESS = {
|
|
|
|
|
'@context': 'https://www.w3.org/ns/activitystreams',
|
|
|
|
|
'type': 'Follow',
|
2023-02-07 03:23:25 +00:00
|
|
|
'id': f'http://localhost/user/alice.com/following#2022-01-02T03:04:05-@foo@bar',
|
|
|
|
|
'actor': 'http://localhost/alice.com',
|
2023-01-10 03:01:48 +00:00
|
|
|
'object': FOLLOWEE,
|
|
|
|
|
'to': [as2.PUBLIC_AUDIENCE],
|
|
|
|
|
}
|
|
|
|
|
FOLLOW_URL = copy.deepcopy(FOLLOW_ADDRESS)
|
2023-02-07 03:23:25 +00:00
|
|
|
FOLLOW_URL['id'] = f'http://localhost/user/alice.com/following#2022-01-02T03:04:05-https://bar/actor'
|
2023-01-10 03:01:48 +00:00
|
|
|
UNDO_FOLLOW = {
|
|
|
|
|
'@context': 'https://www.w3.org/ns/activitystreams',
|
|
|
|
|
'type': 'Undo',
|
2023-02-07 03:23:25 +00:00
|
|
|
'id': f'http://localhost/user/alice.com/following#undo-2022-01-02T03:04:05-https://bar/id',
|
|
|
|
|
'actor': 'http://localhost/alice.com',
|
2023-01-10 03:01:48 +00:00
|
|
|
'object': FOLLOW_ADDRESS,
|
|
|
|
|
}
|
2022-11-27 15:03:10 +00:00
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2022-11-27 15:03:10 +00:00
|
|
|
@patch('requests.get')
|
2023-01-07 17:34:55 +00:00
|
|
|
class RemoteFollowTest(testutil.TestCase):
|
2022-11-27 15:03:10 +00:00
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
super().setUp()
|
2023-03-10 23:13:45 +00:00
|
|
|
self.make_user('me')
|
2022-11-27 15:03:10 +00:00
|
|
|
|
|
|
|
|
def test_follow_no_domain(self, mock_get):
|
2023-01-07 17:34:55 +00:00
|
|
|
got = self.client.post('/remote-follow?address=@foo@bar')
|
2022-11-27 15:03:10 +00:00
|
|
|
self.assertEqual(400, got.status_code)
|
|
|
|
|
|
|
|
|
|
def test_follow_no_address(self, mock_get):
|
2023-01-07 17:34:55 +00:00
|
|
|
got = self.client.post('/remote-follow?domain=baz.com')
|
2022-11-27 15:03:10 +00:00
|
|
|
self.assertEqual(400, got.status_code)
|
|
|
|
|
|
|
|
|
|
def test_follow_no_user(self, mock_get):
|
2023-01-07 17:34:55 +00:00
|
|
|
got = self.client.post('/remote-follow?address=@foo@bar&domain=baz.com')
|
2022-11-27 15:03:10 +00:00
|
|
|
self.assertEqual(400, got.status_code)
|
|
|
|
|
|
|
|
|
|
def test_follow(self, mock_get):
|
|
|
|
|
mock_get.return_value = WEBFINGER
|
2023-01-07 17:34:55 +00:00
|
|
|
got = self.client.post('/remote-follow?address=@foo@bar&domain=me')
|
2022-11-27 15:03:10 +00:00
|
|
|
self.assertEqual(302, got.status_code)
|
|
|
|
|
self.assertEqual('https://bar/follow?uri=@me@me',
|
|
|
|
|
got.headers['Location'])
|
|
|
|
|
|
|
|
|
|
mock_get.assert_has_calls((
|
|
|
|
|
self.req('https://bar/.well-known/webfinger?resource=acct:foo@bar'),
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
def test_follow_url(self, mock_get):
|
|
|
|
|
mock_get.return_value = WEBFINGER
|
2023-01-07 17:34:55 +00:00
|
|
|
got = self.client.post('/remote-follow?address=https://bar/foo&domain=me')
|
2022-11-27 15:03:10 +00:00
|
|
|
self.assertEqual(302, got.status_code)
|
|
|
|
|
self.assertEqual('https://bar/follow?uri=@me@me', got.headers['Location'])
|
|
|
|
|
|
|
|
|
|
mock_get.assert_has_calls((
|
|
|
|
|
self.req('https://bar/.well-known/webfinger?resource=https://bar/foo'),
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
def test_follow_no_webfinger_subscribe_link(self, mock_get):
|
|
|
|
|
mock_get.return_value = requests_response({
|
|
|
|
|
'subject': 'acct:foo@bar',
|
|
|
|
|
'links': [{'rel': 'other', 'template': 'meh'}],
|
|
|
|
|
})
|
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
got = self.client.post('/remote-follow?address=https://bar/foo&domain=me')
|
2022-11-27 15:03:10 +00:00
|
|
|
self.assertEqual(302, got.status_code)
|
|
|
|
|
self.assertEqual('/user/me', got.headers['Location'])
|
|
|
|
|
|
|
|
|
|
def test_follow_no_webfinger_subscribe_link(self, mock_get):
|
|
|
|
|
mock_get.return_value = requests_response(status_code=500)
|
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
got = self.client.post('/remote-follow?address=https://bar/foo&domain=me')
|
2022-11-27 15:03:10 +00:00
|
|
|
self.assertEqual(302, got.status_code)
|
|
|
|
|
self.assertEqual('/user/me', got.headers['Location'])
|
|
|
|
|
|
|
|
|
|
def test_follow_no_webfinger_subscribe_link(self, mock_get):
|
|
|
|
|
mock_get.return_value = requests_response('<html>not json</html>')
|
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
got = self.client.post('/remote-follow?address=https://bar/foo&domain=me')
|
2022-11-27 15:03:10 +00:00
|
|
|
self.assertEqual(302, got.status_code)
|
|
|
|
|
self.assertEqual('/user/me', got.headers['Location'])
|
2023-01-07 17:34:55 +00:00
|
|
|
|
|
|
|
|
|
|
|
|
|
@patch('requests.post')
|
|
|
|
|
@patch('requests.get')
|
2023-01-10 03:01:48 +00:00
|
|
|
class FollowTest(testutil.TestCase):
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
def setUp(self):
|
|
|
|
|
super().setUp()
|
2023-03-10 23:13:45 +00:00
|
|
|
self.user = self.make_user('alice.com')
|
2023-02-18 00:12:25 +00:00
|
|
|
self.state = {
|
|
|
|
|
'endpoint': 'http://auth/endpoint',
|
|
|
|
|
'me': 'https://alice.com',
|
|
|
|
|
'state': '@foo@bar',
|
|
|
|
|
}
|
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
def test_start(self, mock_get, _):
|
2023-02-05 04:45:29 +00:00
|
|
|
mock_get.return_value = requests_response('') # IndieAuth endpoint discovery
|
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
resp = self.client.post('/follow/start', data={
|
2023-02-07 03:23:25 +00:00
|
|
|
'me': 'https://alice.com',
|
2023-01-07 17:34:55 +00:00
|
|
|
'address': '@foo@bar',
|
|
|
|
|
})
|
|
|
|
|
self.assertEqual(302, resp.status_code)
|
|
|
|
|
self.assertTrue(resp.headers['Location'].startswith(indieauth.INDIEAUTH_URL),
|
|
|
|
|
resp.headers['Location'])
|
|
|
|
|
|
2023-01-08 23:43:32 +00:00
|
|
|
def test_callback_address(self, mock_get, mock_post):
|
2023-01-10 03:01:48 +00:00
|
|
|
mock_get.side_effect = (
|
2023-02-07 03:23:25 +00:00
|
|
|
# oauth-dropins indieauth https://alice.com fetch for user json
|
2023-01-10 03:01:48 +00:00
|
|
|
requests_response(''),
|
|
|
|
|
WEBFINGER,
|
|
|
|
|
self.as2_resp(FOLLOWEE),
|
|
|
|
|
)
|
2023-02-18 00:12:25 +00:00
|
|
|
mock_post.side_effect = (
|
|
|
|
|
requests_response('me=https://alice.com'),
|
|
|
|
|
requests_response('OK'), # AP Follow to inbox
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
state = util.encode_oauth_state(self.state)
|
|
|
|
|
resp = self.client.get(f'/follow/callback?code=my_code&state={state}')
|
|
|
|
|
self.check('@foo@bar', resp, FOLLOW_ADDRESS, mock_get, mock_post)
|
2023-01-08 23:43:32 +00:00
|
|
|
mock_get.assert_has_calls((
|
|
|
|
|
self.req('https://bar/.well-known/webfinger?resource=acct:foo@bar'),
|
|
|
|
|
))
|
|
|
|
|
|
|
|
|
|
def test_callback_url(self, mock_get, mock_post):
|
2023-01-10 03:01:48 +00:00
|
|
|
mock_get.side_effect = (
|
|
|
|
|
requests_response(''),
|
|
|
|
|
self.as2_resp(FOLLOWEE),
|
|
|
|
|
)
|
2023-01-07 17:34:55 +00:00
|
|
|
mock_post.side_effect = (
|
2023-02-07 03:23:25 +00:00
|
|
|
requests_response('me=https://alice.com'),
|
2023-01-07 17:34:55 +00:00
|
|
|
requests_response('OK'), # AP Follow to inbox
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
self.state['state'] = 'https://bar/actor'
|
|
|
|
|
state = util.encode_oauth_state(self.state)
|
2023-02-09 04:22:16 +00:00
|
|
|
resp = self.client.get(f'/follow/callback?code=my_code&state={state}')
|
2023-02-18 00:12:25 +00:00
|
|
|
self.check('https://bar/actor', resp, FOLLOW_URL, mock_get, mock_post)
|
|
|
|
|
|
|
|
|
|
def check(self, input, resp, expected_follow, mock_get, mock_post):
|
2023-02-09 04:22:16 +00:00
|
|
|
self.assertEqual(302, resp.status_code)
|
|
|
|
|
self.assertEqual('/user/alice.com/following',resp.headers['Location'])
|
|
|
|
|
self.assertEqual([f'Followed <a href="https://bar/url">{input}</a>.'],
|
|
|
|
|
get_flashed_messages())
|
2023-01-07 17:34:55 +00:00
|
|
|
|
|
|
|
|
mock_get.assert_has_calls((
|
|
|
|
|
self.as2_req('https://bar/actor'),
|
|
|
|
|
))
|
2023-02-18 00:12:25 +00:00
|
|
|
inbox_args, inbox_kwargs = mock_post.call_args
|
2023-01-07 17:34:55 +00:00
|
|
|
self.assertEqual(('http://bar/inbox',), inbox_args)
|
2023-01-08 02:00:19 +00:00
|
|
|
self.assert_equals(expected_follow, json_loads(inbox_kwargs['data']))
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2023-02-07 03:23:25 +00:00
|
|
|
# check that we signed with the follower's key
|
|
|
|
|
sig_template = inbox_kwargs['auth'].header_signer.signature_template
|
|
|
|
|
self.assertTrue(sig_template.startswith('keyId="http://localhost/alice.com"'),
|
|
|
|
|
sig_template)
|
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
followers = Follower.query().fetch()
|
2023-01-08 20:03:56 +00:00
|
|
|
self.assert_entities_equal(
|
2023-02-24 13:25:29 +00:00
|
|
|
Follower(id='https://bar/id alice.com', last_follow=expected_follow,
|
2023-02-07 03:23:25 +00:00
|
|
|
src='alice.com', dest='https://bar/id', status='active'),
|
2023-01-08 20:03:56 +00:00
|
|
|
followers,
|
|
|
|
|
ignore=['created', 'updated'])
|
2023-01-07 17:34:55 +00:00
|
|
|
|
2023-02-07 03:23:25 +00:00
|
|
|
id = f'http://localhost/user/alice.com/following#2022-01-02T03:04:05-{input}'
|
|
|
|
|
self.assert_object(id, domains=['alice.com'], status='complete',
|
2023-02-01 20:22:04 +00:00
|
|
|
labels=['user', 'activity'], source_protocol='ui',
|
|
|
|
|
as2=expected_follow, as1=as2.to_as1(expected_follow))
|
2023-01-08 02:00:19 +00:00
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
self.assertEqual('https://alice.com', session['indieauthed-me'])
|
|
|
|
|
|
2023-01-07 17:34:55 +00:00
|
|
|
def test_callback_missing_user(self, mock_get, mock_post):
|
2023-02-18 00:12:25 +00:00
|
|
|
self.user.key.delete()
|
2023-02-07 03:23:25 +00:00
|
|
|
mock_post.return_value = requests_response('me=https://alice.com')
|
2023-02-18 00:12:25 +00:00
|
|
|
state = util.encode_oauth_state(self.state)
|
2023-02-09 04:22:16 +00:00
|
|
|
resp = self.client.get(f'/follow/callback?code=my_code&state={state}')
|
|
|
|
|
self.assertEqual(400, resp.status_code)
|
2023-01-10 03:01:48 +00:00
|
|
|
|
2023-02-05 03:11:06 +00:00
|
|
|
def test_callback_user_use_instead(self, mock_get, mock_post):
|
2023-03-10 23:13:45 +00:00
|
|
|
user = self.make_user('www.alice.com')
|
2023-02-18 00:12:25 +00:00
|
|
|
self.user.use_instead = user.key
|
|
|
|
|
user.put()
|
2023-02-05 03:11:06 +00:00
|
|
|
|
|
|
|
|
mock_get.side_effect = (
|
|
|
|
|
requests_response(''),
|
|
|
|
|
self.as2_resp(FOLLOWEE),
|
|
|
|
|
)
|
|
|
|
|
mock_post.side_effect = (
|
2023-02-07 03:23:25 +00:00
|
|
|
requests_response('me=https://alice.com'),
|
2023-02-05 03:11:06 +00:00
|
|
|
requests_response('OK'), # AP Follow to inbox
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
self.state['state'] = 'https://bar/actor'
|
|
|
|
|
state = util.encode_oauth_state(self.state)
|
2023-02-09 04:22:16 +00:00
|
|
|
resp = self.client.get(f'/follow/callback?code=my_code&state={state}')
|
|
|
|
|
self.assertEqual(302, resp.status_code)
|
|
|
|
|
self.assertEqual('/user/www.alice.com/following', resp.headers['Location'])
|
2023-02-06 04:59:39 +00:00
|
|
|
|
2023-02-07 03:23:25 +00:00
|
|
|
id = 'http://localhost/user/www.alice.com/following#2022-01-02T03:04:05-https://bar/actor'
|
2023-02-06 04:59:39 +00:00
|
|
|
expected_follow = {
|
|
|
|
|
'@context': 'https://www.w3.org/ns/activitystreams',
|
|
|
|
|
'type': 'Follow',
|
|
|
|
|
'id': id,
|
2023-02-07 03:23:25 +00:00
|
|
|
'actor': 'http://localhost/www.alice.com',
|
2023-02-06 04:59:39 +00:00
|
|
|
'object': FOLLOWEE,
|
|
|
|
|
'to': [as2.PUBLIC_AUDIENCE],
|
|
|
|
|
}
|
|
|
|
|
followers = Follower.query().fetch()
|
|
|
|
|
self.assert_entities_equal(
|
2023-02-24 13:25:29 +00:00
|
|
|
Follower(id='https://bar/id www.alice.com', last_follow=expected_follow,
|
2023-02-07 03:23:25 +00:00
|
|
|
src='www.alice.com', dest='https://bar/id', status='active'),
|
2023-02-06 04:59:39 +00:00
|
|
|
followers,
|
|
|
|
|
ignore=['created', 'updated'])
|
|
|
|
|
|
2023-02-07 03:23:25 +00:00
|
|
|
self.assert_object(id, domains=['www.alice.com'], status='complete',
|
2023-02-06 04:59:39 +00:00
|
|
|
labels=['user', 'activity'], source_protocol='ui',
|
|
|
|
|
as2=expected_follow, as1=as2.to_as1(expected_follow))
|
2023-02-05 03:11:06 +00:00
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
def test_indieauthed_session(self, mock_get, mock_post):
|
|
|
|
|
mock_get.side_effect = (
|
|
|
|
|
self.as2_resp(FOLLOWEE),
|
|
|
|
|
)
|
|
|
|
|
mock_post.side_effect = (
|
|
|
|
|
requests_response('OK'), # AP Follow to inbox
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with self.client.session_transaction() as ctx_session:
|
|
|
|
|
ctx_session['indieauthed-me'] = 'https://alice.com'
|
|
|
|
|
|
|
|
|
|
resp = self.client.post('/follow/start', data={
|
|
|
|
|
'me': 'https://alice.com',
|
|
|
|
|
'address': 'https://bar/actor',
|
|
|
|
|
})
|
|
|
|
|
self.check('https://bar/actor', resp, FOLLOW_URL, mock_get, mock_post)
|
|
|
|
|
|
|
|
|
|
def test_indieauthed_session_wrong_me(self, mock_get, mock_post):
|
|
|
|
|
mock_get.side_effect = (
|
|
|
|
|
requests_response(''), # IndieAuth endpoint discovery
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with self.client.session_transaction() as ctx_session:
|
|
|
|
|
ctx_session['indieauthed-me'] = 'https://eve.com'
|
|
|
|
|
|
|
|
|
|
resp = self.client.post('/follow/start', data={
|
|
|
|
|
'me': 'https://alice.com',
|
|
|
|
|
'address': 'https://bar/actor',
|
|
|
|
|
})
|
|
|
|
|
self.assertEqual(302, resp.status_code)
|
|
|
|
|
self.assertTrue(resp.headers['Location'].startswith(indieauth.INDIEAUTH_URL),
|
|
|
|
|
resp.headers['Location'])
|
|
|
|
|
|
2023-01-10 03:01:48 +00:00
|
|
|
|
|
|
|
|
@patch('requests.post')
|
|
|
|
|
@patch('requests.get')
|
|
|
|
|
class UnfollowTest(testutil.TestCase):
|
|
|
|
|
|
|
|
|
|
def setUp(self):
|
|
|
|
|
super().setUp()
|
2023-03-10 23:13:45 +00:00
|
|
|
self.user = self.make_user('alice.com')
|
2023-01-10 03:01:48 +00:00
|
|
|
self.follower = Follower(
|
2023-02-24 13:25:29 +00:00
|
|
|
id='https://bar/id alice.com', last_follow=FOLLOW_ADDRESS,
|
2023-02-07 03:23:25 +00:00
|
|
|
src='alice.com', dest='https://bar/id', status='active',
|
2023-01-10 03:01:48 +00:00
|
|
|
).put()
|
2023-02-18 00:12:25 +00:00
|
|
|
self.state = util.encode_oauth_state({
|
|
|
|
|
'endpoint': 'http://auth/endpoint',
|
|
|
|
|
'me': 'https://alice.com',
|
|
|
|
|
'state': self.follower.id(),
|
|
|
|
|
})
|
|
|
|
|
|
2023-01-10 03:01:48 +00:00
|
|
|
|
|
|
|
|
def test_start(self, mock_get, _):
|
2023-02-05 04:45:29 +00:00
|
|
|
mock_get.return_value = requests_response('') # IndieAuth endpoint discovery
|
|
|
|
|
|
2023-01-10 03:01:48 +00:00
|
|
|
resp = self.client.post('/unfollow/start', data={
|
2023-02-07 03:23:25 +00:00
|
|
|
'me': 'https://alice.com',
|
2023-01-10 03:01:48 +00:00
|
|
|
'key': self.follower.id(),
|
|
|
|
|
})
|
|
|
|
|
self.assertEqual(302, resp.status_code)
|
|
|
|
|
self.assertTrue(resp.headers['Location'].startswith(indieauth.INDIEAUTH_URL),
|
|
|
|
|
resp.headers['Location'])
|
|
|
|
|
|
|
|
|
|
def test_callback(self, mock_get, mock_post):
|
2023-02-18 00:12:25 +00:00
|
|
|
# oauth-dropins indieauth https://alice.com fetch for user json
|
2023-02-05 05:23:04 +00:00
|
|
|
mock_get.return_value = requests_response('')
|
2023-02-18 00:12:25 +00:00
|
|
|
mock_post.side_effect = (
|
|
|
|
|
requests_response('me=https://alice.com'),
|
|
|
|
|
requests_response('OK'), # AP Undo Follow to inbox
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
resp = self.client.get(f'/unfollow/callback?code=my_code&state={self.state}')
|
|
|
|
|
self.check(resp, UNDO_FOLLOW, mock_get, mock_post)
|
2023-02-05 05:23:04 +00:00
|
|
|
|
|
|
|
|
def test_callback_last_follow_object_str(self, mock_get, mock_post):
|
|
|
|
|
follower = self.follower.get()
|
2023-02-24 13:25:29 +00:00
|
|
|
follower.last_follow = {
|
2023-02-05 05:23:04 +00:00
|
|
|
**FOLLOW_ADDRESS,
|
|
|
|
|
'object': FOLLOWEE['id'],
|
2023-02-24 13:25:29 +00:00
|
|
|
}
|
2023-02-05 05:23:04 +00:00
|
|
|
follower.put()
|
|
|
|
|
|
|
|
|
|
mock_get.side_effect = (
|
2023-02-18 00:12:25 +00:00
|
|
|
# oauth-dropins indieauth https://alice.com fetch for user json
|
2023-02-05 05:23:04 +00:00
|
|
|
requests_response(''),
|
2023-02-18 00:12:25 +00:00
|
|
|
# actor fetch to discover inbox
|
|
|
|
|
self.as2_resp(FOLLOWEE),
|
2023-02-05 05:23:04 +00:00
|
|
|
)
|
2023-01-10 03:01:48 +00:00
|
|
|
mock_post.side_effect = (
|
2023-02-07 03:23:25 +00:00
|
|
|
requests_response('me=https://alice.com'),
|
2023-01-10 03:01:48 +00:00
|
|
|
requests_response('OK'), # AP Undo Follow to inbox
|
|
|
|
|
)
|
|
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
undo = copy.deepcopy(UNDO_FOLLOW)
|
|
|
|
|
undo['object']['object'] = FOLLOWEE['id']
|
|
|
|
|
|
|
|
|
|
resp = self.client.get(f'/unfollow/callback?code=my_code&state={self.state}')
|
|
|
|
|
self.check(resp, undo, mock_get, mock_post)
|
|
|
|
|
|
|
|
|
|
def check(self, resp, expected_undo, mock_get, mock_post):
|
2023-02-09 04:22:16 +00:00
|
|
|
self.assertEqual(302, resp.status_code)
|
|
|
|
|
self.assertEqual('/user/alice.com/following', resp.headers['Location'])
|
|
|
|
|
self.assertEqual([f'Unfollowed <a href="https://bar/url">bar/url</a>.'],
|
|
|
|
|
get_flashed_messages())
|
2023-01-10 03:01:48 +00:00
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
inbox_args, inbox_kwargs = mock_post.call_args
|
2023-01-10 03:01:48 +00:00
|
|
|
self.assertEqual(('http://bar/inbox',), inbox_args)
|
2023-02-05 05:23:04 +00:00
|
|
|
self.assert_equals(expected_undo, json_loads(inbox_kwargs['data']))
|
2023-01-10 03:01:48 +00:00
|
|
|
|
2023-02-07 03:23:25 +00:00
|
|
|
# check that we signed with the follower's key
|
|
|
|
|
sig_template = inbox_kwargs['auth'].header_signer.signature_template
|
|
|
|
|
self.assertTrue(sig_template.startswith('keyId="http://localhost/alice.com"'),
|
|
|
|
|
sig_template)
|
|
|
|
|
|
|
|
|
|
follower = Follower.get_by_id('https://bar/id alice.com')
|
2023-01-10 03:01:48 +00:00
|
|
|
self.assertEqual('inactive', follower.status)
|
|
|
|
|
|
2023-02-01 20:22:04 +00:00
|
|
|
self.assert_object(
|
2023-02-07 03:23:25 +00:00
|
|
|
'http://localhost/user/alice.com/following#undo-2022-01-02T03:04:05-https://bar/id',
|
|
|
|
|
domains=['alice.com'], status='complete',
|
2023-02-01 20:22:04 +00:00
|
|
|
source_protocol='ui', labels=['user', 'activity'],
|
2023-02-24 03:17:26 +00:00
|
|
|
as2=expected_undo,
|
|
|
|
|
as1=as2.to_as1(expected_undo))
|
2023-02-06 04:59:39 +00:00
|
|
|
|
2023-02-18 00:12:25 +00:00
|
|
|
self.assertEqual('https://alice.com', session['indieauthed-me'])
|
|
|
|
|
|
2023-02-06 04:59:39 +00:00
|
|
|
def test_callback_user_use_instead(self, mock_get, mock_post):
|
2023-03-10 23:13:45 +00:00
|
|
|
user = self.make_user('www.alice.com')
|
2023-02-18 00:12:25 +00:00
|
|
|
self.user.use_instead = user.key
|
|
|
|
|
self.user.put()
|
2023-02-06 04:59:39 +00:00
|
|
|
|
|
|
|
|
self.follower = Follower(
|
2023-02-24 13:25:29 +00:00
|
|
|
id='https://bar/id www.alice.com', last_follow=FOLLOW_ADDRESS,
|
2023-02-07 03:23:25 +00:00
|
|
|
src='www.alice.com', dest='https://bar/id', status='active',
|
2023-02-06 04:59:39 +00:00
|
|
|
).put()
|
|
|
|
|
|
|
|
|
|
mock_get.side_effect = (
|
|
|
|
|
requests_response(''),
|
|
|
|
|
self.as2_resp(FOLLOWEE),
|
|
|
|
|
)
|
|
|
|
|
mock_post.side_effect = (
|
2023-02-07 03:23:25 +00:00
|
|
|
requests_response('me=https://alice.com'),
|
2023-02-06 04:59:39 +00:00
|
|
|
requests_response('OK'), # AP Undo Follow to inbox
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
state = util.encode_oauth_state({
|
|
|
|
|
'endpoint': 'http://auth/endpoint',
|
2023-02-07 03:23:25 +00:00
|
|
|
'me': 'https://alice.com',
|
2023-02-06 04:59:39 +00:00
|
|
|
'state': self.follower.id(),
|
|
|
|
|
})
|
2023-02-09 04:22:16 +00:00
|
|
|
resp = self.client.get(f'/unfollow/callback?code=my_code&state={state}')
|
|
|
|
|
self.assertEqual(302, resp.status_code)
|
|
|
|
|
self.assertEqual('/user/www.alice.com/following', resp.headers['Location'])
|
2023-02-06 04:59:39 +00:00
|
|
|
|
2023-02-07 03:23:25 +00:00
|
|
|
id = 'http://localhost/user/www.alice.com/following#undo-2022-01-02T03:04:05-https://bar/id'
|
2023-02-06 04:59:39 +00:00
|
|
|
expected_undo = {
|
|
|
|
|
'@context': 'https://www.w3.org/ns/activitystreams',
|
|
|
|
|
'type': 'Undo',
|
|
|
|
|
'id': id,
|
2023-02-07 03:23:25 +00:00
|
|
|
'actor': 'http://localhost/www.alice.com',
|
2023-02-06 04:59:39 +00:00
|
|
|
'object': FOLLOW_ADDRESS,
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
inbox_args, inbox_kwargs = mock_post.call_args_list[1]
|
|
|
|
|
self.assertEqual(('http://bar/inbox',), inbox_args)
|
|
|
|
|
self.assert_equals(expected_undo, json_loads(inbox_kwargs['data']))
|
|
|
|
|
|
2023-02-07 03:23:25 +00:00
|
|
|
follower = Follower.get_by_id('https://bar/id www.alice.com')
|
2023-02-06 04:59:39 +00:00
|
|
|
self.assertEqual('inactive', follower.status)
|
|
|
|
|
|
2023-02-07 03:23:25 +00:00
|
|
|
self.assert_object(id, domains=['www.alice.com'], status='complete',
|
2023-02-06 04:59:39 +00:00
|
|
|
source_protocol='ui', labels=['user', 'activity'],
|
|
|
|
|
as2=expected_undo, as1=as2.to_as1(expected_undo))
|
2023-02-18 00:12:25 +00:00
|
|
|
|
|
|
|
|
def test_indieauthed_session(self, mock_get, mock_post):
|
|
|
|
|
# oauth-dropins indieauth https://alice.com fetch for user json
|
|
|
|
|
mock_get.return_value = requests_response('')
|
|
|
|
|
mock_post.side_effect = (
|
|
|
|
|
requests_response('OK'), # AP Undo Follow to inbox
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with self.client.session_transaction() as ctx_session:
|
|
|
|
|
ctx_session['indieauthed-me'] = 'https://alice.com'
|
|
|
|
|
|
|
|
|
|
resp = self.client.post('/unfollow/start', data={
|
|
|
|
|
'me': 'https://alice.com',
|
|
|
|
|
'key': self.follower.id(),
|
|
|
|
|
})
|
|
|
|
|
self.check(resp, UNDO_FOLLOW, mock_get, mock_post)
|
|
|
|
|
|
|
|
|
|
def test_indieauthed_session_wrong_me(self, mock_get, mock_post):
|
|
|
|
|
mock_get.side_effect = (
|
|
|
|
|
requests_response(''), # IndieAuth endpoint discovery
|
|
|
|
|
)
|
|
|
|
|
|
|
|
|
|
with self.client.session_transaction() as ctx_session:
|
|
|
|
|
ctx_session['indieauthed-me'] = 'https://eve.com'
|
|
|
|
|
|
|
|
|
|
resp = self.client.post('/unfollow/start', data={
|
|
|
|
|
'me': 'https://alice.com',
|
|
|
|
|
'key': self.follower.id(),
|
|
|
|
|
})
|
|
|
|
|
self.assertEqual(302, resp.status_code)
|
|
|
|
|
self.assertTrue(resp.headers['Location'].startswith(indieauth.INDIEAUTH_URL),
|
|
|
|
|
resp.headers['Location'])
|
