merge upstream

2025-03-25 16:14:53 -04:00 · 2025-03-25 16:14:53 -04:00 · d8908ef2d8
commit d8908ef2d8
parent aebc6b4112 8d6573fbec
1065 changed files with 32953 additions and 20092 deletions
--- a/packages/backend/test/unit/AbuseReportNotificationService.ts
+++ b/packages/backend/test/unit/AbuseReportNotificationService.ts
@ -149,9 +149,9 @@ describe('AbuseReportNotificationService', () => {
 	});

 	beforeEach(async () => {
-		root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true });
-		alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false });
-		bob = await createUser({ username: 'bob', usernameLower: 'bob', isRoot: false });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
+		alice = await createUser({ username: 'alice', usernameLower: 'alice' });
+		bob = await createUser({ username: 'bob', usernameLower: 'bob' });
 		systemWebhook1 = await createWebhook();
 		systemWebhook2 = await createWebhook();

--- a/packages/backend/test/unit/FlashService.ts
+++ b/packages/backend/test/unit/FlashService.ts
@ -79,9 +79,9 @@ describe('FlashService', () => {
 		userProfilesRepository = app.get(DI.userProfilesRepository);
 		idService = app.get(IdService);

-		root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true });
-		alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false });
-		bob = await createUser({ username: 'bob', usernameLower: 'bob', isRoot: false });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
+		alice = await createUser({ username: 'alice', usernameLower: 'alice' });
+		bob = await createUser({ username: 'bob', usernameLower: 'bob' });
 	});

 	afterEach(async () => {
--- a/packages/backend/test/unit/MfmService.ts
+++ b/packages/backend/test/unit/MfmService.ts
@ -24,13 +24,13 @@ describe('MfmService', () => {
 	describe('toHtml', () => {
 		test('br', () => {
 			const input = 'foo\nbar\nbaz';
-			const output = '<p><span>foo<br>bar<br>baz</span></p>';
+			const output = '<p><span>foo<br />bar<br />baz</span></p>';
 			assert.equal(mfmService.toHtml(mfm.parse(input)), output);
 		});

 		test('br alt', () => {
 			const input = 'foo\r\nbar\rbaz';
-			const output = '<p><span>foo<br>bar<br>baz</span></p>';
+			const output = '<p><span>foo<br />bar<br />baz</span></p>';
 			assert.equal(mfmService.toHtml(mfm.parse(input)), output);
 		});

--- a/packages/backend/test/unit/RelayService.ts
+++ b/packages/backend/test/unit/RelayService.ts
@ -6,19 +6,18 @@
 process.env.NODE_ENV = 'test';

 import { jest } from '@jest/globals';
-import { ModuleMocker } from 'jest-mock';
 import { Test } from '@nestjs/testing';
-import { GlobalModule } from '@/GlobalModule.js';
-import { RelayService } from '@/core/RelayService.js';
-import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
-import { CreateSystemUserService } from '@/core/CreateSystemUserService.js';
-import { UserEntityService } from '@/core/entities/UserEntityService.js';
-import { QueueService } from '@/core/QueueService.js';
-import { IdService } from '@/core/IdService.js';
-import type { RelaysRepository } from '@/models/_.js';
-import { DI } from '@/di-symbols.js';
+import { ModuleMocker } from 'jest-mock';
 import type { TestingModule } from '@nestjs/testing';
 import type { MockFunctionMetadata } from 'jest-mock';
+import { ApRendererService } from '@/core/activitypub/ApRendererService.js';
+import { UserEntityService } from '@/core/entities/UserEntityService.js';
+import { IdService } from '@/core/IdService.js';
+import { QueueService } from '@/core/QueueService.js';
+import { RelayService } from '@/core/RelayService.js';
+import { SystemAccountService } from '@/core/SystemAccountService.js';
+import { GlobalModule } from '@/GlobalModule.js';
+import { UtilityService } from '@/core/UtilityService.js';

 const moduleMocker = new ModuleMocker(global);

@ -26,8 +25,6 @@ describe('RelayService', () => {
 	let app: TestingModule;
 	let relayService: RelayService;
 	let queueService: jest.Mocked<QueueService>;
-	let relaysRepository: RelaysRepository;
-	let userEntityService: UserEntityService;

 	beforeAll(async () => {
 		app = await Test.createTestingModule({
@ -36,10 +33,11 @@ describe('RelayService', () => {
 			],
 			providers: [
 				IdService,
-				CreateSystemUserService,
 				ApRendererService,
 				RelayService,
 				UserEntityService,
+				SystemAccountService,
+				UtilityService,
 			],
 		})
 			.useMocker((token) => {
@ -58,8 +56,6 @@ describe('RelayService', () => {

 		relayService = app.get<RelayService>(RelayService);
 		queueService = app.get<QueueService>(QueueService) as jest.Mocked<QueueService>;
-		relaysRepository = app.get<RelaysRepository>(DI.relaysRepository);
-		userEntityService = app.get<UserEntityService>(UserEntityService);
 	});

 	afterAll(async () => {
--- a/packages/backend/test/unit/RoleService.ts
+++ b/packages/backend/test/unit/RoleService.ts
@ -57,6 +57,12 @@ describe('RoleService', () => {
 		return await usersRepository.findOneByOrFail(x.identifiers[0]);
 	}

+	async function createRoot(data: Partial<MiUser> = {}) {
+		const user = await createUser(data);
+		meta.rootUserId = user.id;
+		return user;
+	}
+
 	async function createRole(data: Partial<MiRole> = {}) {
 		const x = await rolesRepository.insert({
 			id: genAidx(Date.now()),
@ -279,7 +285,7 @@ describe('RoleService', () => {
 	describe('getModeratorIds', () => {
 		test('includeAdmins = false, includeRoot = false, excludeExpire = false', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);

 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -305,7 +311,7 @@ describe('RoleService', () => {

 		test('includeAdmins = false, includeRoot = false, excludeExpire = true', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);

 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -331,7 +337,7 @@ describe('RoleService', () => {

 		test('includeAdmins = true, includeRoot = false, excludeExpire = false', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);

 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -357,7 +363,7 @@ describe('RoleService', () => {

 		test('includeAdmins = true, includeRoot = false, excludeExpire = true', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);

 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -383,7 +389,7 @@ describe('RoleService', () => {

 		test('includeAdmins = false, includeRoot = true, excludeExpire = false', async () => {
 			const [adminUser1, adminUser2, modeUser1, modeUser2, normalUser1, normalUser2, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createUser(), createUser(), createUser(), createRoot(),
 			]);

 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -409,7 +415,7 @@ describe('RoleService', () => {

 		test('root has moderator role', async () => {
 			const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createRoot(),
 			]);

 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -433,7 +439,7 @@ describe('RoleService', () => {

 		test('root has administrator role', async () => {
 			const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createRoot(),
 			]);

 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
@ -457,7 +463,7 @@ describe('RoleService', () => {

 		test('root has moderator role(expire)', async () => {
 			const [adminUser1, modeUser1, normalUser1, rootUser] = await Promise.all([
-				createUser(), createUser(), createUser(), createUser({ isRoot: true }),
+				createUser(), createUser(), createUser(), createRoot(),
 			]);

 			const role1 = await createRole({ name: 'admin', isAdministrator: true });
--- a/packages/backend/test/unit/SystemWebhookService.ts
+++ b/packages/backend/test/unit/SystemWebhookService.ts
@ -97,7 +97,7 @@ describe('SystemWebhookService', () => {
 	}

 	async function beforeEachImpl() {
-		root = await createUser({ isRoot: true, username: 'root', usernameLower: 'root' });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
 	}

 	async function afterEachImpl() {
--- a/packages/backend/test/unit/UserSearchService.ts
+++ b/packages/backend/test/unit/UserSearchService.ts
@ -113,7 +113,7 @@ describe('UserSearchService', () => {
 	});

 	beforeEach(async () => {
-		root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
 		alice = await createUser({ username: 'Alice', usernameLower: 'alice' });
 		alyce = await createUser({ username: 'Alyce', usernameLower: 'alyce' });
 		alycia = await createUser({ username: 'Alycia', usernameLower: 'alycia' });
--- a/packages/backend/test/unit/UserWebhookService.ts
+++ b/packages/backend/test/unit/UserWebhookService.ts
@ -91,7 +91,7 @@ describe('UserWebhookService', () => {
 	}

 	async function beforeEachImpl() {
-		root = await createUser({ isRoot: true, username: 'root', usernameLower: 'root' });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
 	}

 	async function afterEachImpl() {
--- a/packages/backend/test/unit/WebhookTestService.ts
+++ b/packages/backend/test/unit/WebhookTestService.ts
@ -14,6 +14,7 @@ import { MiSystemWebhook, MiUser, MiWebhook, UserProfilesRepository, UsersReposi
 import { IdService } from '@/core/IdService.js';
 import { DI } from '@/di-symbols.js';
 import { QueueService } from '@/core/QueueService.js';
+import { CustomEmojiService } from '@/core/CustomEmojiService.js';

 describe('WebhookTestService', () => {
 	let app: TestingModule;
@ -56,6 +57,11 @@ describe('WebhookTestService', () => {
 			providers: [
 				WebhookTestService,
 				IdService,
+				{
+					provide: CustomEmojiService, useFactory: () => ({
+						populateEmojis: jest.fn(),
+					}),
+				},
 				{
 					provide: QueueService, useFactory: () => ({
 						systemWebhookDeliver: jest.fn(),
@ -88,8 +94,8 @@ describe('WebhookTestService', () => {
 	});

 	beforeEach(async () => {
-		root = await createUser({ username: 'root', usernameLower: 'root', isRoot: true });
-		alice = await createUser({ username: 'alice', usernameLower: 'alice', isRoot: false });
+		root = await createUser({ username: 'root', usernameLower: 'root' });
+		alice = await createUser({ username: 'alice', usernameLower: 'alice' });

 		userWebhookService.fetchWebhooks.mockReturnValue(Promise.resolve([
 			{ id: 'dummy-webhook', active: true, userId: alice.id } as MiWebhook,
--- a/packages/backend/test/unit/ap-request.ts
+++ b/packages/backend/test/unit/ap-request.ts
@ -8,6 +8,8 @@ import httpSignature from '@peertube/http-signature';

 import { genRsaKeyPair } from '@/misc/gen-key-pair.js';
 import { ApRequestCreator } from '@/core/activitypub/ApRequestService.js';
+import { assertActivityMatchesUrl, FetchAllowSoftFailMask } from '@/core/activitypub/misc/check-against-url.js';
+import { IObject } from '@/core/activitypub/type.js';

 export const buildParsedSignature = (signingString: string, signature: string, algorithm: string) => {
 	return {
@ -24,6 +26,10 @@ export const buildParsedSignature = (signingString: string, signature: string, a
 	};
 };

+function cartesianProduct<T, U>(a: T[], b: U[]): [T, U][] {
+	return a.flatMap(a => b.map(b => [a, b] as [T, U]));
+}
+
 describe('ap-request', () => {
 	test('createSignedPost with verify', async () => {
 		const keypair = await genRsaKeyPair();
@ -58,4 +64,108 @@ describe('ap-request', () => {
 		const result = httpSignature.verifySignature(parsed, keypair.publicKey);
 		assert.deepStrictEqual(result, true);
 	});
+
+	test('rejects non matching domain', () => {
+		assert.doesNotThrow(() => assertActivityMatchesUrl(
+			'https://alice.example.com/abc',
+			{ id: 'https://alice.example.com/abc' } as IObject,
+			'https://alice.example.com/abc',
+			FetchAllowSoftFailMask.Strict,
+		), 'validation should pass base case');
+		assert.throws(() => assertActivityMatchesUrl(
+			'https://alice.example.com/abc',
+			{ id: 'https://bob.example.com/abc' } as IObject,
+			'https://alice.example.com/abc',
+			FetchAllowSoftFailMask.Any,
+		), 'validation should fail no matter what if the response URL is inconsistent with the object ID');
+		
+		assert.doesNotThrow(() => assertActivityMatchesUrl(
+			'https://alice.example.com/abc#test',
+			{ id: 'https://alice.example.com/abc' } as IObject,
+			'https://alice.example.com/abc',
+			FetchAllowSoftFailMask.Strict,
+		), 'validation should pass with hash in request URL');
+
+		// fix issues like threads
+		// https://github.com/misskey-dev/misskey/issues/15039
+		const withOrWithoutWWW = [
+			'https://alice.example.com/abc',
+			'https://www.alice.example.com/abc',
+		];
+
+		cartesianProduct(
+			cartesianProduct(
+				withOrWithoutWWW,
+				withOrWithoutWWW,
+			),
+			withOrWithoutWWW,
+		).forEach(([[a, b], c]) => {
+			assert.doesNotThrow(() => assertActivityMatchesUrl(
+				a,
+				{ id: b } as IObject,
+				c,
+				FetchAllowSoftFailMask.Strict,
+			), 'validation should pass with or without www. subdomain');
+		});
+	});
+
+	test('cross origin lookup', () => {
+		assert.doesNotThrow(() => assertActivityMatchesUrl(
+			'https://alice.example.com/abc',
+			{ id: 'https://bob.example.com/abc' } as IObject,
+			'https://bob.example.com/abc',
+			FetchAllowSoftFailMask.CrossOrigin | FetchAllowSoftFailMask.NonCanonicalId,
+		), 'validation should pass if the response is otherwise consistent and cross-origin is allowed');
+		assert.throws(() => assertActivityMatchesUrl(
+			'https://alice.example.com/abc',
+			{ id: 'https://bob.example.com/abc' } as IObject,
+			'https://bob.example.com/abc',
+			FetchAllowSoftFailMask.Strict,
+		), 'validation should fail if the response is otherwise consistent and cross-origin is not allowed');
+	});
+
+	test('rejects non-canonical ID', () => {
+		assert.throws(() => assertActivityMatchesUrl(
+			'https://alice.example.com/@alice',
+			{ id: 'https://alice.example.com/users/alice' } as IObject,
+			'https://alice.example.com/users/alice',
+			FetchAllowSoftFailMask.Strict,
+		), 'throws if the response ID did not exactly match the expected ID');
+		assert.doesNotThrow(() => assertActivityMatchesUrl(
+			'https://alice.example.com/@alice',
+			{ id: 'https://alice.example.com/users/alice' } as IObject,
+			'https://alice.example.com/users/alice',
+			FetchAllowSoftFailMask.NonCanonicalId,
+		), 'does not throw if non-canonical ID is allowed');
+	});
+
+	test('origin relaxed alignment', () => {
+		assert.doesNotThrow(() => assertActivityMatchesUrl(
+			'https://alice.example.com/abc',
+			{ id: 'https://ap.alice.example.com/abc' } as IObject,
+			'https://ap.alice.example.com/abc',
+			FetchAllowSoftFailMask.MisalignedOrigin | FetchAllowSoftFailMask.NonCanonicalId,
+		), 'validation should pass if response is a subdomain of the expected origin');
+		assert.throws(() => assertActivityMatchesUrl(
+			'https://alice.multi-tenant.example.com/abc',
+			{ id: 'https://alice.multi-tenant.example.com/abc' } as IObject,
+			'https://bob.multi-tenant.example.com/abc',
+			FetchAllowSoftFailMask.MisalignedOrigin | FetchAllowSoftFailMask.NonCanonicalId,
+		), 'validation should fail if response is a disjoint domain of the expected origin');
+		assert.throws(() => assertActivityMatchesUrl(
+			'https://alice.example.com/abc',
+			{ id: 'https://ap.alice.example.com/abc' } as IObject,
+			'https://ap.alice.example.com/abc',
+			FetchAllowSoftFailMask.Strict,
+		), 'throws if relaxed origin is forbidden');
+	});
+
+	test('resist HTTP downgrade', () => {
+		assert.throws(() => assertActivityMatchesUrl(
+			'https://alice.example.com/abc',
+			{ id: 'https://alice.example.com/abc' } as IObject,
+			'http://alice.example.com/abc',
+			FetchAllowSoftFailMask.Strict,
+		), 'throws if HTTP downgrade is detected');
+	});
 });
--- a/packages/backend/test/unit/entities/UserEntityService.ts
+++ b/packages/backend/test/unit/entities/UserEntityService.ts
@ -50,6 +50,7 @@ import { AccountMoveService } from '@/core/AccountMoveService.js';
 import { ReactionService } from '@/core/ReactionService.js';
 import { NotificationService } from '@/core/NotificationService.js';
 import { ReactionsBufferingService } from '@/core/ReactionsBufferingService.js';
+import { ChatService } from '@/core/ChatService.js';

 process.env.NODE_ENV = 'test';

@ -172,6 +173,7 @@ describe('UserEntityService', () => {
 				ReactionService,
 				ReactionsBufferingService,
 				NotificationService,
+				ChatService,
 			];

 			app = await Test.createTestingModule({
--- a/packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts
+++ b/packages/backend/test/unit/queue/processors/CheckModeratorsActivityProcessorService.ts
@ -316,7 +316,7 @@ describe('CheckModeratorsActivityProcessorService', () => {
 				createUser({}, { email: 'user2@example.com', emailVerified: false }),
 				createUser({}, { email: null, emailVerified: false }),
 				createUser({}, { email: 'user4@example.com', emailVerified: true }),
-				createUser({ isRoot: true }, { email: 'root@example.com', emailVerified: true }),
+				createUser({}, { email: 'root@example.com', emailVerified: true }),
 			]);

 			mockModeratorRole([user1, user2, user3, root]);
@ -349,7 +349,7 @@ describe('CheckModeratorsActivityProcessorService', () => {
 				createUser({}, { email: 'user2@example.com', emailVerified: false }),
 				createUser({}, { email: null, emailVerified: false }),
 				createUser({}, { email: 'user4@example.com', emailVerified: true }),
-				createUser({ isRoot: true }, { email: 'root@example.com', emailVerified: true }),
+				createUser({}, { email: 'root@example.com', emailVerified: true }),
 			]);

 			mockModeratorRole([user1, user2, user3, root]);