diff --git a/front/edit.go b/front/edit.go index ca44e57d..49d3908d 100644 --- a/front/edit.go +++ b/front/edit.go @@ -42,6 +42,17 @@ func edit(w text.Writer, r *request) { return } + content, err := url.QueryUnescape(r.URL.RawQuery) + if err != nil { + w.Status(40, "Bad input") + return + } + + if len(content) > cfg.MaxPostsLength { + w.Status(40, "Post is too long") + return + } + hash := filepath.Base(r.URL.Path) var noteString string @@ -81,17 +92,6 @@ func edit(w text.Writer, r *request) { return } - content, err := url.QueryUnescape(r.URL.RawQuery) - if err != nil { - w.Error() - return - } - - if len(content) > cfg.MaxPostsLength { - w.Status(40, "Post is too long") - return - } - if err := fed.Edit(r.Context, r.DB, ¬e, plain.ToHTML(content)); err != nil { r.Log.Error("Failed to update post", "note", note.ID, "error", err) w.Error() diff --git a/front/inbox.go b/front/inbox.go index b3a9a08b..5a325878 100644 --- a/front/inbox.go +++ b/front/inbox.go @@ -27,7 +27,7 @@ import ( func dailyPosts(w text.Writer, r *request, day time.Time) { if r.User == nil { - w.Status(61, "Peer certificate is required") + w.Redirect("/users") return } @@ -106,7 +106,7 @@ func dailyPosts(w text.Writer, r *request, day time.Time) { where notes.inserted >= $4 and notes.inserted < $4 + 60*60*24 and - (follows.followed is not null or myposts.id is not null) + (follows.followed is not null or (myposts.id is not null and notes.author != $1)) group by notes.id order by notes.inserted / 86400 desc, diff --git a/test/delete_test.go b/test/delete_test.go new file mode 100644 index 00000000..c1525772 --- /dev/null +++ b/test/delete_test.go @@ -0,0 +1,89 @@ +/* +Copyright 2023 Dima Krasner + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package test + +import ( + "crypto/sha256" + "fmt" + "github.com/stretchr/testify/assert" + "testing" +) + +func TestDelete_HappyFlow(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + say := server.Handle("/users/say?Hello%20world", server.Alice) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", say) + + hash := say[15 : len(say)-2] + + view := server.Handle("/users/view/"+hash, server.Bob) + assert.Contains(t, view, "Hello world") + + delete := server.Handle("/users/delete/"+hash, server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Alice.ID))), delete) + + view = server.Handle("/users/view/"+hash, server.Alice) + assert.Equal(t, view, "40 Post not found\r\n") +} + +func TestDelete_NotAuthor(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + say := server.Handle("/users/say?Hello%20world", server.Alice) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", say) + + hash := say[15 : len(say)-2] + + view := server.Handle("/users/view/"+hash, server.Bob) + assert.Contains(t, view, "Hello world") + + delete := server.Handle("/users/delete/"+hash, server.Bob) + assert.Equal(t, delete, "40 Error\r\n") + + view = server.Handle("/users/view/"+hash, server.Alice) + assert.Contains(t, view, "Hello world") +} + +func TestDelete_NoSuchPost(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + delete := server.Handle("/users/delete/87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7", server.Alice) + assert.Equal(t, delete, "40 Error\r\n") +} + +func TestDelete_UnauthenticatedUser(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + say := server.Handle("/users/say?Hello%20world", server.Alice) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", say) + + hash := say[15 : len(say)-2] + + view := server.Handle("/users/view/"+hash, server.Bob) + assert.Contains(t, view, "Hello world") + + delete := server.Handle("/users/delete/"+hash, nil) + assert.Equal(t, delete, "30 /users\r\n") + + view = server.Handle("/users/view/"+hash, server.Alice) + assert.Contains(t, view, "Hello world") +} diff --git a/test/dm_test.go b/test/dm_test.go index 727e3808..3225206f 100644 --- a/test/dm_test.go +++ b/test/dm_test.go @@ -41,14 +41,22 @@ func TestDM_Loopback(t *testing.T) { server := newTestServer() defer server.Shutdown() - resp := server.Handle(fmt.Sprintf("/users/dm/%x?Hello%%20world", sha256.Sum256([]byte(server.Alice.ID))), server.Alice) - assert.Regexp(t, "40 [^\r\n]+\r\n", resp) + dm := server.Handle(fmt.Sprintf("/users/dm/%x?Hello%%20world", sha256.Sum256([]byte(server.Alice.ID))), server.Alice) + assert.Equal(t, "40 Error\r\n", dm) } func TestDM_NotFollowed(t *testing.T) { server := newTestServer() defer server.Shutdown() - resp := server.Handle(fmt.Sprintf("/users/dm/%x?Hello%%20world", sha256.Sum256([]byte(server.Alice.ID))), server.Bob) - assert.Regexp(t, "40 [^\r\n]+\r\n", resp) + dm := server.Handle(fmt.Sprintf("/users/dm/%x?Hello%%20world", sha256.Sum256([]byte(server.Alice.ID))), server.Bob) + assert.Equal(t, "40 Error\r\n", dm) +} + +func TestDM_NoSuchUser(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + dm := server.Handle("/users/dm/87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7?Hello%20world", server.Bob) + assert.Equal(t, "40 User does not exist\r\n", dm) } diff --git a/test/edit_test.go b/test/edit_test.go new file mode 100644 index 00000000..882c9df8 --- /dev/null +++ b/test/edit_test.go @@ -0,0 +1,230 @@ +/* +Copyright 2023 Dima Krasner + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package test + +import ( + "crypto/sha256" + "fmt" + "github.com/stretchr/testify/assert" + "testing" + "time" +) + +func TestEdit_Throttling(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + users := server.Handle("/users", server.Alice) + assert.Contains(t, users, "Nothing to see! Are you following anyone?") + assert.NotContains(t, users, "1 post") + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + hash := whisper[15 : len(whisper)-2] + + edit := server.Handle(fmt.Sprintf("/users/edit/%s?Hello%%20followers", hash), server.Bob) + assert.Equal(t, "40 Please try again later\r\n", edit) + + users = server.Handle("/users", server.Alice) + assert.NotContains(t, users, "Nothing to see! Are you following anyone?") + assert.Contains(t, users, "1 post") + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello world") +} + +func TestEdit_HappyFlow(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + users := server.Handle("/users", server.Alice) + assert.Contains(t, users, "Nothing to see! Are you following anyone?") + assert.NotContains(t, users, "1 post") + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + hash := whisper[15 : len(whisper)-2] + + server.db.Exec("update notes set inserted = inserted - 3600, object = json_set(object, '$.published', ?) where hash = ?", time.Now().Add(-time.Hour).Format(time.RFC3339Nano), hash) + + edit := server.Handle(fmt.Sprintf("/users/edit/%s?Hello%%20followers", hash), server.Bob) + assert.Equal(t, fmt.Sprintf("30 /users/view/%s\r\n", hash), edit) + + users = server.Handle("/users", server.Alice) + assert.NotContains(t, users, "Nothing to see! Are you following anyone?") + assert.Contains(t, users, "1 post") + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello followers") + + edit = server.Handle(fmt.Sprintf("/users/edit/%s?Hello,%%20followers", hash), server.Bob) + assert.Equal(t, "40 Please try again later\r\n", edit) + + users = server.Handle("/users", server.Alice) + assert.NotContains(t, users, "Nothing to see! Are you following anyone?") + assert.Contains(t, users, "1 post") + + today = server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello followers") +} + +func TestEdit_EmptyContent(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + users := server.Handle("/users", server.Alice) + assert.Contains(t, users, "Nothing to see! Are you following anyone?") + assert.NotContains(t, users, "1 post") + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + hash := whisper[15 : len(whisper)-2] + + server.db.Exec("update notes set inserted = inserted - 3600, object = json_set(object, '$.published', ?) where hash = ?", time.Now().Add(-time.Hour).Format(time.RFC3339Nano), hash) + + edit := server.Handle(fmt.Sprintf("/users/edit/%s?", hash), server.Bob) + assert.Equal(t, "10 Post content\r\n", edit) + + users = server.Handle("/users", server.Alice) + assert.NotContains(t, users, "Nothing to see! Are you following anyone?") + assert.Contains(t, users, "1 post") + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello world") +} + +func TestEdit_LongContent(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + users := server.Handle("/users", server.Alice) + assert.Contains(t, users, "Nothing to see! Are you following anyone?") + assert.NotContains(t, users, "1 post") + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + hash := whisper[15 : len(whisper)-2] + + server.db.Exec("update notes set inserted = inserted - 3600, object = json_set(object, '$.published', ?) where hash = ?", time.Now().Add(-time.Hour).Format(time.RFC3339Nano), hash) + + edit := server.Handle(fmt.Sprintf("/users/edit/%s?aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa", hash), server.Bob) + assert.Equal(t, "40 Post is too long\r\n", edit) + + users = server.Handle("/users", server.Alice) + assert.NotContains(t, users, "Nothing to see! Are you following anyone?") + assert.Contains(t, users, "1 post") + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello world") +} + +func TestEdit_InvalidEscapeSequence(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + users := server.Handle("/users", server.Alice) + assert.Contains(t, users, "Nothing to see! Are you following anyone?") + assert.NotContains(t, users, "1 post") + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + hash := whisper[15 : len(whisper)-2] + + server.db.Exec("update notes set inserted = inserted - 3600, object = json_set(object, '$.published', ?) where hash = ?", time.Now().Add(-time.Hour).Format(time.RFC3339Nano), hash) + + edit := server.Handle(fmt.Sprintf("/users/edit/%s?Hello%%zzworld", hash), server.Bob) + assert.Equal(t, "40 Bad input\r\n", edit) + + users = server.Handle("/users", server.Alice) + assert.NotContains(t, users, "Nothing to see! Are you following anyone?") + assert.Contains(t, users, "1 post") + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello world") +} + +func TestEdit_NoSuchPost(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + users := server.Handle("/users", server.Alice) + assert.Contains(t, users, "Nothing to see! Are you following anyone?") + assert.NotContains(t, users, "1 post") + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + edit := server.Handle("/users/edit/87428fc522803d31065e7bce3cf03fe475096631e5e07bbd7a0fde60c4cf25c7?Hello%20followers", server.Bob) + assert.Equal(t, "40 Error\r\n", edit) + + users = server.Handle("/users", server.Alice) + assert.NotContains(t, users, "Nothing to see! Are you following anyone?") + assert.Contains(t, users, "1 post") + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello world") +} + +func TestEdit_UnauthenticatedUser(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + users := server.Handle("/users", server.Alice) + assert.Contains(t, users, "Nothing to see! Are you following anyone?") + assert.NotContains(t, users, "1 post") + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + hash := whisper[15 : len(whisper)-2] + + edit := server.Handle(fmt.Sprintf("/users/edit/%s?Hello%%20followers", hash), nil) + assert.Equal(t, "30 /users\r\n", edit) + + users = server.Handle("/users", server.Alice) + assert.NotContains(t, users, "Nothing to see! Are you following anyone?") + assert.Contains(t, users, "1 post") + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello world") +} diff --git a/test/hashtag_test.go b/test/hashtag_test.go index ed9d204a..591c2ee4 100644 --- a/test/hashtag_test.go +++ b/test/hashtag_test.go @@ -132,7 +132,21 @@ func TestHashtag_BigOffset(t *testing.T) { view := server.Handle(say[3:len(say)-2], server.Bob) assert.Contains(t, view, "Hello #world") - hashtag := server.Handle("/hashtag/world?123", server.Bob) + hashtag := server.Handle("/users/hashtag/world?123", server.Bob) + assert.NotContains(t, hashtag, "Hello #world") +} + +func TestHashtag_BigOffsetUnauthenticatedUser(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + say := server.Handle("/users/say?Hello%20%23world", server.Alice) + assert.Regexp(t, "^30 /users/view/[0-9a-f]{64}\r\n$", say) + + view := server.Handle(say[3:len(say)-2], server.Bob) + assert.Contains(t, view, "Hello #world") + + hashtag := server.Handle("/hashtag/world?123", nil) assert.NotContains(t, hashtag, "Hello #world") } diff --git a/test/inbox_test.go b/test/inbox_test.go new file mode 100644 index 00000000..229dad9a --- /dev/null +++ b/test/inbox_test.go @@ -0,0 +1,121 @@ +/* +Copyright 2023 Dima Krasner + +Licensed under the Apache License, Version 2.0 (the "License"); +you may not use this file except in compliance with the License. +You may obtain a copy of the License at + + http://www.apache.org/licenses/LICENSE-2.0 + +Unless required by applicable law or agreed to in writing, software +distributed under the License is distributed on an "AS IS" BASIS, +WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +See the License for the specific language governing permissions and +limitations under the License. +*/ + +package test + +import ( + "crypto/sha256" + "fmt" + "github.com/stretchr/testify/assert" + "testing" + "time" +) + +func TestInbox_NoPosts(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "No posts.") +} + +func TestInbox_UnauthenticatedUser(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + today := server.Handle("/users/inbox/today", nil) + assert.Equal(t, "30 /users\r\n", today) +} + +func TestInbox_InvalidOffset(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + today := server.Handle("/users/inbox/today?zz", server.Alice) + assert.Equal(t, "40 Invalid query\r\n", today) +} + +func TestInbox_FutureDate(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + today := server.Handle("/users/inbox/"+time.Now().Add(time.Hour*24).Format(time.DateOnly), server.Alice) + assert.Equal(t, "30 /users/oops\r\n", today) +} + +func TestInbox_InvalidDate(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + today := server.Handle("/users/inbox/9999-99-99", server.Alice) + assert.Equal(t, "40 Invalid date\r\n", today) +} + +func TestInbox_PostToFollowersToday(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + today := server.Handle("/users/inbox/today", server.Alice) + assert.Contains(t, today, "Hello world") +} + +func TestInbox_PostToFollowersTodayBigOffset(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + today := server.Handle("/users/inbox/today?123", server.Alice) + assert.NotContains(t, today, "Hello world") +} + +func TestInbox_PostToFollowersTodayByDate(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + today := server.Handle("/users/inbox/"+time.Now().Format(time.DateOnly), server.Alice) + assert.Contains(t, today, "Hello world") +} + +func TestInbox_PostToFollowersYesterday(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + yesterday := server.Handle("/users/inbox/yesterday", server.Alice) + assert.Contains(t, yesterday, "No posts.") +} diff --git a/test/reply_test.go b/test/reply_test.go index 64ddb999..16b1814a 100644 --- a/test/reply_test.go +++ b/test/reply_test.go @@ -113,6 +113,39 @@ func TestReply_PostToFollowers(t *testing.T) { assert.NotContains(t, local, "Welcome Bob") } +func TestReply_SelfReply(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + follow := server.Handle(fmt.Sprintf("/users/follow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) + assert.Equal(t, fmt.Sprintf("30 /users/outbox/%x\r\n", sha256.Sum256([]byte(server.Bob.ID))), follow) + + whisper := server.Handle("/users/whisper?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", whisper) + + hash := whisper[15 : len(whisper)-2] + + view := server.Handle("/users/view/"+hash, server.Bob) + assert.Contains(t, view, "Hello world") + assert.NotContains(t, view, "Welcome Bob") + + server.db.Exec("update outbox set inserted = inserted - 3600 where activity->>'type' = 'Create'") + + reply := server.Handle(fmt.Sprintf("/users/reply/%s?Welcome%%20me", hash), server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", reply) + + view = server.Handle("/users/view/"+hash, server.Alice) + assert.Contains(t, view, "Hello world") + assert.Contains(t, view, "Welcome me") + + today := server.Handle("/users/inbox/today", server.Bob) + assert.NotContains(t, today, "Welcome me") + + local := server.Handle("/local", nil) + assert.NotContains(t, local, "Hello world") + assert.NotContains(t, local, "Welcome me") +} + func TestReply_ReplyToPublicPostByFollowedUser(t *testing.T) { server := newTestServer() defer server.Shutdown() diff --git a/test/unfollow_test.go b/test/unfollow_test.go index d1bc1045..9a6e992b 100644 --- a/test/unfollow_test.go +++ b/test/unfollow_test.go @@ -76,3 +76,11 @@ func TestUnfollow_NotFollowing(t *testing.T) { unfollow := server.Handle(fmt.Sprintf("/users/unfollow/%x", sha256.Sum256([]byte(server.Bob.ID))), server.Alice) assert.Equal(t, "40 No such follow\r\n", unfollow) } + +func TestUnfollow_UnauthenticatedUser(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + unfollow := server.Handle(fmt.Sprintf("/users/unfollow/%x", sha256.Sum256([]byte(server.Bob.ID))), nil) + assert.Equal(t, "30 /users\r\n", unfollow) +} diff --git a/test/users_test.go b/test/users_test.go index 9e35a52b..6f95133e 100644 --- a/test/users_test.go +++ b/test/users_test.go @@ -27,8 +27,8 @@ func TestUsers_NoFollows(t *testing.T) { server := newTestServer() defer server.Shutdown() - resp := server.Handle("/users", server.Bob) - assert.Contains(t, resp, "Nothing to see! Are you following anyone?") + users := server.Handle("/users", server.Bob) + assert.Contains(t, users, "Nothing to see! Are you following anyone?") } func TestUsers_NewPublicPost(t *testing.T) { @@ -122,3 +122,11 @@ func TestUsers_NewDM(t *testing.T) { local := server.Handle("/users/local", server.Carol) assert.NotContains(t, local, "Hello Alice") } + +func TestUsers_UnauthenticatedUser(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + users := server.Handle("/users", nil) + assert.Equal(t, "61 Peer certificate is required\r\n", users) +} diff --git a/test/view_test.go b/test/view_test.go index 37f419dc..f7cd25a4 100644 --- a/test/view_test.go +++ b/test/view_test.go @@ -184,6 +184,28 @@ func TestView_OneReplyPostNotDeleted(t *testing.T) { assert.Contains(t, view, "Welcome Bob") } +func TestView_OneReplyPostNotDeletedUnauthenticatedUser(t *testing.T) { + server := newTestServer() + defer server.Shutdown() + + say := server.Handle("/users/say?Hello%20world", server.Bob) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", say) + + hash := say[15 : len(say)-2] + + reply := server.Handle(fmt.Sprintf("/users/reply/%s?Welcome%%20Bob", hash), server.Alice) + assert.Regexp(t, "30 /users/view/[0-9a-f]{64}", reply) + + replyHash := reply[15 : len(reply)-2] + + view := server.Handle("/view/"+hash, nil) + assert.Contains(t, view, "Hello world") + assert.Contains(t, view, "Welcome Bob") + + view = server.Handle("/view/"+replyHash, nil) + assert.Contains(t, view, "Welcome Bob") +} + func TestView_OneReplyPostDeletedUnauthenticatedUser(t *testing.T) { server := newTestServer() defer server.Shutdown()