Merge pull request #231 from dtinit/feature/overview-actor-account-portability-oauth-field

feat: Update Actor Account Portability OAuth field plus codebase and tests refactor

Author: aaronjae22

testbed/core/json_ld_builders.py

@@ -7,9 +7,14 @@
 from .utils.oauth_utils import build_oauth_endpoint_url
 from .models import CreateActivity, LikeActivity, FollowActivity
 
+# Build JSON-LD Actor with LOLA compliance.
 def build_actor_json_ld(actor, auth_context=None):
     """
-    Build JSON-LD Actor with optional LOLA enhancements.
+    The accountPortabilityOauth field MUST always be present
+    for OAuth endpoint discovery (public visibility).
+    
+    The migration.* properties are conditionally included only 
+    when the request includes a valid portability token (scoped access).
     
     Args:
         actor: The Actor model instance
@@ -21,37 +26,42 @@ def build_actor_json_ld(actor, auth_context=None):
     Returns:
         Dict containing ActivityPub Actor with conditional LOLA fields
     """
+
     # Extract request for dynamic URL generation
     request = auth_context.get('request') if auth_context else None
 
-    # Base ActivityPub Actor (always included) - now with dynamic URLs
+    # Build actor URL
     actor_id = build_actor_id(actor.id, request)
+    
+    # Base ActivityPub Actor (always included)
     actor_data = {
         "@context": build_actor_context(),
         "type": "Person",
         "id": actor_id,
         "preferredUsername": actor.username,
         "name": actor.username,
-        # Standard ActivityPub collections
         "inbox": f"{actor_id}/inbox",
-        "outbox": f"{actor_id}/outbox",
-        "previously": actor.previously or [], # Ensure it's always a list
+        "previously": actor.previously or [],
+        "accountPortabilityOauth": build_oauth_endpoint_url(request)
     }
 
-    # Add LOLA fields ONLY when authenticated with portability scope
+    # Privacy-sensitive fields ONLY with portability scope
     if auth_context and auth_context.get('has_portability_scope'):
-        # Required LOLA discovery field
-        actor_data["accountPortabilityOauth"] = build_oauth_endpoint_url(request)
-        
-        # LOLA social collections (privacy-sensitive relationship data)
-        actor_data["followers"] = f"{actor_id}/followers"
+        # Standard ActivityPub collections (privacy-sensitive)
+        actor_data["outbox"] = f"{actor_id}/outbox"
         actor_data["following"] = f"{actor_id}/following"
-        
-        # Additional LOLA discovery fields
-        actor_data["content"] = f"{actor_id}/content"
+        actor_data["followers"] = f"{actor_id}/followers"
         actor_data["liked"] = f"{actor_id}/liked"
         actor_data["blocked"] = f"{actor_id}/blocked"
-        actor_data["migration"] = f"{actor_id}/outbox"
+        
+        # LOLA migration endpoints (same URLs, scope-filtered responses)
+        actor_data["migration"] = {
+            "outbox": f"{actor_id}/outbox",
+            "content": f"{actor_id}/content",
+            "following": f"{actor_id}/following",
+            "blocked": f"{actor_id}/blocked",
+            "liked": f"{actor_id}/liked"
+        }
 
     return actor_data
 

testbed/core/json_ld_utils.py

@@ -1,16 +1,18 @@
-class JsonLDContext:
-    ACTIVITY_STREAM = "https://www.w3.org/ns/activitystreams"
-    LOLA = "https://swicg.github.io/activitypub-data-portability/lola.jsonld"
+ACTIVITY_STREAM_CONTEXT = "https://www.w3.org/ns/activitystreams"
+LOLA_CONTEXT = "https://swicg.github.io/activitypub-data-portability/lola"
+BLOCKED_CONTEXT = "https://purl.archive.org/socialweb/blocked"
 
-# Return the basic context used in most responses
+# Basic context used in most responses
 def build_basic_context():
-    return JsonLDContext.ACTIVITY_STREAM
+    return ACTIVITY_STREAM_CONTEXT
 
-# Return the extended context used specifcally for Actor responses
+# Return the extended context used specifically for Actor responses
+# Includes blocked collection support (FEP-c648)
 def build_actor_context():
     return [
-        JsonLDContext.ACTIVITY_STREAM,
-        JsonLDContext.LOLA
+        ACTIVITY_STREAM_CONTEXT,
+        BLOCKED_CONTEXT,
+        LOLA_CONTEXT
     ]
 
 def build_id_url(type_name, obj_id, request):

testbed/core/tests/test_api.py

@@ -74,102 +74,11 @@ def test_outbox_not_found():
     response = APIClient().get(reverse("actor-outbox", kwargs={"pk": 99999}))
     assert response.status_code == status.HTTP_404_NOT_FOUND
 
-
-# LOLA Authentication Tests
-
 """
-Tests the complete request-response cycle with different authentication states
-to verify that endpoints properly serve enhanced data for LOLA-authenticated requests.
+Edge case tests for LOLA authentication.
+These tests focus on specific edge cases: URL params, outbox filtering, error handling, headers.
 """
 class TestLOLAAuthenticationAPI:
-    # Constants for OAuth scopes
-    LOLA_SCOPE = 'activitypub_account_portability read write'
-    BASIC_SCOPE = 'read write'
-    
-    # Helper methods for repeated assertions
-
-    # Helper to verify standard ActivityPub fields
-    def assert_basic_activitypub_structure(self, data, actor, mock_request):
-        assert data["@context"] == build_actor_context()
-        assert data["type"] == "Person"
-        
-        assert data["id"] == build_actor_id(actor.id, mock_request)
-        assert data["preferredUsername"] == actor.username
-        
-    # Helper to verify LOLA fields are absent
-    def assert_no_lola_fields(self, data):
-        lola_fields = ["accountPortabilityOauth", "content", "blocked", "migration"]
-        for field in lola_fields:
-            assert field not in data
-            
-    # Helper to verify LOLA fields are present and properly formatted        
-    def assert_has_lola_fields(self, data, actor):
-        assert "accountPortabilityOauth" in data
-        assert "content" in data
-        assert "blocked" in data
-        assert "migration" in data
-        
-        # Verify LOLA URLs are properly formatted
-        assert data["accountPortabilityOauth"].endswith("/oauth/authorize/")
-        assert data["content"].endswith(f"/actors/{actor.id}/content")
-        assert data["blocked"].endswith(f"/actors/{actor.id}/blocked")
-        assert data["migration"].endswith(f"/actors/{actor.id}/outbox")
-        
-    # Helper to create authenticated client    
-    def get_authenticated_client(self, token):
-        client = APIClient()
-        client.credentials(HTTP_AUTHORIZATION=f'Bearer {token.token}')
-        return client
-    
-    # Test that unauthenticated requests return basic ActivityPub data only
-    @pytest.mark.django_db
-    def test_actor_detail_unauthenticated_returns_basic_activitypub(self, mock_request):
-        actor = create_isolated_actor("unauthenticated_test")
-        client = APIClient()
-        
-        response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
-        
-        # Should succeed with basic ActivityPub response
-        assert response.status_code == status.HTTP_200_OK
-        
-        data = response.data
-        # Use helper methods for assertions
-        self.assert_basic_activitypub_structure(data, actor, mock_request)
-        self.assert_no_lola_fields(data)
-    
-    # Test that LOLA-authenticated requests return enhanced data with collection URLs
-    @pytest.mark.django_db
-    def test_actor_detail_with_lola_scope_returns_enhanced_data(self, mock_request):
-        actor = create_isolated_actor("lola_enhanced_test")
-        lola_token = AccessTokenFactory(lola_scope=True)
-        client = self.get_authenticated_client(lola_token)
-        
-        response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
-        
-        # Should succeed with enhanced response
-        assert response.status_code == status.HTTP_200_OK
-        
-        data = response.data
-        # Use helper methods for assertions
-        self.assert_basic_activitypub_structure(data, actor, mock_request)
-        self.assert_has_lola_fields(data, actor)
-    
-    # Test that authenticated requests without LOLA scope return basic data
-    @pytest.mark.django_db
-    def test_actor_detail_with_basic_token_returns_basic_data(self, mock_request):
-        actor = create_isolated_actor("basic_token_test")
-        basic_token = AccessTokenFactory(scope=self.BASIC_SCOPE)
-        client = self.get_authenticated_client(basic_token)
-        
-        response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
-        
-        # Should succeed but return basic data (no LOLA scope)
-        assert response.status_code == status.HTTP_200_OK
-        
-        data = response.data
-        # Use helper methods for assertions
-        self.assert_basic_activitypub_structure(data, actor, mock_request)
-        self.assert_no_lola_fields(data)
 
     # Test that URL parameter authentication works for LOLA testing
     @pytest.mark.django_db
@@ -183,10 +92,8 @@ def test_actor_detail_url_parameter_authentication(self):
         response = client.get(f"{url}?auth_token={lola_token.token}")
 
         assert response.status_code == status.HTTP_200_OK
-        
-        data = response.data
-        # Should have LOLA fields (proves URL parameter auth worked)
-        self.assert_has_lola_fields(data, actor)
+        # Should have migration field (proves URL parameter auth worked)
+        assert "migration" in response.data
 
     # Test that outbox shows different content based on authentication
     @pytest.mark.django_db
@@ -224,38 +131,6 @@ def test_outbox_content_filtering_by_authentication(self, mock_request):
         assert public_data["id"] == expected_outbox_id
         assert lola_data["id"] == expected_outbox_id
 
-    # Test that demonstrates clear differences between public and LOLA responses
-    @pytest.mark.django_db
-    def test_side_by_side_authentication_comparison(self):
-        actor = create_isolated_actor("comparison_test")
-        lola_token = AccessTokenFactory(lola_scope=True)
-        
-        # Public request
-        public_client = APIClient()
-        public_response = public_client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
-        public_data = public_response.data
-        
-        # LOLA request
-        lola_client = self.get_authenticated_client(lola_token)
-        lola_response = lola_client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
-        lola_data = lola_response.data
-        
-        # Both should succeed
-        assert public_response.status_code == status.HTTP_200_OK
-        assert lola_response.status_code == status.HTTP_200_OK
-        
-        # Both should have identical basic fields
-        basic_fields = ["@context", "type", "id", "preferredUsername", "name", "previously"]
-        for field in basic_fields:
-            assert public_data[field] == lola_data[field]
-        
-        # Only LOLA should have enhanced fields
-        lola_fields = ["accountPortabilityOauth", "content", "blocked", "migration"]
-        for field in lola_fields:
-            assert field not in public_data
-            assert field in lola_data
-            assert isinstance(lola_data[field], str)  # Should be URL strings
-    
     # Test that invalid tokens gracefully degrade to unauthenticated behavior
     @pytest.mark.django_db
     def test_invalid_token_graceful_degradation(self):
@@ -268,13 +143,8 @@ def test_invalid_token_graceful_degradation(self):
 
         # Should succeed with public data (graceful degradation)
         assert response.status_code == status.HTTP_200_OK
-        
-        data = response.data
-        assert data["type"] == "Person"
-        # Should NOT have LOLA fields (invalid token treated as unauthenticated)
-        assert "accountPortabilityOauth" not in data
-        assert "content" not in data
-        assert "blocked" not in data
+        # Should NOT have migration field (invalid token = unauthenticated)
+        assert "migration" not in response.data
 
     # Test graceful handling of malformed authorization headers
     @pytest.mark.parametrize("malformed_header", [
@@ -284,25 +154,25 @@ def test_invalid_token_graceful_degradation(self):
         "InvalidFormat token",  # Malformed header
     ])
     @pytest.mark.django_db
-    def test_malformed_authorization_header_handling(self, malformed_header, mock_request):
+    def test_malformed_authorization_header_handling(self, malformed_header):
         actor = create_isolated_actor("malformed_header_test")
         client = APIClient()
         client.credentials(HTTP_AUTHORIZATION=malformed_header)
 
         response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}))
 
-        # Should succeed with public data for all malformed cases
+        # Should succeed with public data (malformed auth = unauthenticated)
         assert response.status_code == status.HTTP_200_OK
-        data = response.data
-        self.assert_basic_activitypub_structure(data, actor, mock_request)
-        self.assert_no_lola_fields(data)
+        # Should NOT have migration field
+        assert "migration" not in response.data
 
     # Test that content-type headers are set correctly for API responses
     @pytest.mark.django_db
     def test_content_type_headers_set_correctly(self):
         actor = create_isolated_actor("content_type_test")
         lola_token = AccessTokenFactory(lola_scope=True)
-        client = self.get_authenticated_client(lola_token)
+        client = APIClient()
+        client.credentials(HTTP_AUTHORIZATION=f'Bearer {lola_token.token}')
 
         # Request with format=json 
         response = client.get(reverse("actor-detail", kwargs={"pk": actor.id}), {"format": "json"})
@@ -312,10 +182,8 @@ def test_content_type_headers_set_correctly(self):
         assert response["Content-Type"] == "application/json"
         # Should have CORS header for federation
         assert response["Access-Control-Allow-Origin"] == "*"
-        
-        # Should still have LOLA fields
-        data = response.data
-        assert "accountPortabilityOauth" in data
+        # Should have migration field (authenticated)
+        assert "migration" in response.data
 
 
 # LOLA Following Collection Tests

testbed/core/tests/test_json_ld_utils.py

@@ -1,6 +1,8 @@
 import pytest
 from testbed.core.json_ld_utils import (
-    JsonLDContext,
+    ACTIVITY_STREAM_CONTEXT,
+    LOLA_CONTEXT,
+    BLOCKED_CONTEXT,
     build_basic_context,
     build_actor_context,
     build_id_url,
@@ -12,22 +14,24 @@
 
 # Test that context URLs are correct
 def test_json_ld_context_constants():
-    assert JsonLDContext.ACTIVITY_STREAM == "https://www.w3.org/ns/activitystreams"
-    assert JsonLDContext.LOLA == "https://swicg.github.io/activitypub-data-portability/lola.jsonld"
+    assert ACTIVITY_STREAM_CONTEXT == "https://www.w3.org/ns/activitystreams"
+    assert LOLA_CONTEXT == "https://swicg.github.io/activitypub-data-portability/lola"
+    assert BLOCKED_CONTEXT == "https://purl.archive.org/socialweb/blocked"
 
 # Test basic context builder returns single URL
 def test_build_basic_context():
     context = build_basic_context()
-    assert context == JsonLDContext.ACTIVITY_STREAM
+    assert context == ACTIVITY_STREAM_CONTEXT
     assert isinstance(context, str)
 
-# Test actor context builder returns list with both URLs
+# Test actor context builder returns list with all three URLs
 def test_build_actor_context():
     context = build_actor_context()
     assert isinstance(context, list)
-    assert len(context) == 2
-    assert JsonLDContext.ACTIVITY_STREAM in context
-    assert JsonLDContext.LOLA in context
+    assert len(context) == 3
+    assert ACTIVITY_STREAM_CONTEXT in context
+    assert BLOCKED_CONTEXT in context
+    assert LOLA_CONTEXT in context
 
 # Test base URL builder function
 def test_build_id_url(mock_request):