git.squeep.com Git - akkoma/blob - test/object/containment_test.exs

   1 defmodule Pleroma.Object.ContainmentTest do
   2   use Pleroma.DataCase
   3
   4   alias Pleroma.Object.Containment
   5   alias Pleroma.User
   6
   7   import Pleroma.Factory
   8
   9   setup_all do
  10     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
  11     :ok
  12   end
  13
  14   describe "general origin containment" do
  15     test "contain_origin_from_id() catches obvious spoofing attempts" do
  16       data = %{
  17         "id" => "http://example.com/~alyssa/activities/1234.json"
  18       }
  19
  20       :error =
  21         Containment.contain_origin_from_id(
  22           "http://example.org/~alyssa/activities/1234.json",
  23           data
  24         )
  25     end
  26
  27     test "contain_origin_from_id() allows alternate IDs within the same origin domain" do
  28       data = %{
  29         "id" => "http://example.com/~alyssa/activities/1234.json"
  30       }
  31
  32       :ok =
  33         Containment.contain_origin_from_id(
  34           "http://example.com/~alyssa/activities/1234",
  35           data
  36         )
  37     end
  38
  39     test "contain_origin_from_id() allows matching IDs" do
  40       data = %{
  41         "id" => "http://example.com/~alyssa/activities/1234.json"
  42       }
  43
  44       :ok =
  45         Containment.contain_origin_from_id(
  46           "http://example.com/~alyssa/activities/1234.json",
  47           data
  48         )
  49     end
  50
  51     test "users cannot be collided through fake direction spoofing attempts" do
  52       _user =
  53         insert(:user, %{
  54           nickname: "rye@niu.moe",
  55           local: false,
  56           ap_id: "https://niu.moe/users/rye",
  57           follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
  58         })
  59
  60       {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
  61     end
  62   end
  63 end