1 defmodule Pleroma.Object.ContainmentTest do
4 alias Pleroma.Object.Containment
8 import ExUnit.CaptureLog
11 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
15 describe "general origin containment" do
16 test "contain_origin_from_id() catches obvious spoofing attempts" do
18 "id" => "http://example.com/~alyssa/activities/1234.json"
22 Containment.contain_origin_from_id(
23 "http://example.org/~alyssa/activities/1234.json",
28 test "contain_origin_from_id() allows alternate IDs within the same origin domain" do
30 "id" => "http://example.com/~alyssa/activities/1234.json"
34 Containment.contain_origin_from_id(
35 "http://example.com/~alyssa/activities/1234",
40 test "contain_origin_from_id() allows matching IDs" do
42 "id" => "http://example.com/~alyssa/activities/1234.json"
46 Containment.contain_origin_from_id(
47 "http://example.com/~alyssa/activities/1234.json",
52 test "users cannot be collided through fake direction spoofing attempts" do
55 nickname: "rye@niu.moe",
57 ap_id: "https://niu.moe/users/rye",
58 follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
61 assert capture_log(fn ->
62 {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
64 "[error] Could not decode user at fetch https://n1u.moe/users/rye, {:error, :error}"