Merge branch 'develop' of https://git.pleroma.social/pleroma/pleroma into develop

[akkoma] / test / object / containment_test.exs

diff --git a/test/object/containment_test.exs b/test/object/containment_test.exs
index fcedb2283cbeb6fd36a428c840d01cd85d0266bb..7636803a63a97f6f313d91798d40f3ae39874770 100644 (file)
--- a/test/object/containment_test.exs
+++ b/test/object/containment_test.exs
@@ -1,13 +1,32 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Object.ContainmentTest do
   use Pleroma.DataCase
 
-  alias Pleroma.User
   alias Pleroma.Object.Containment
-  alias Pleroma.Web.ActivityPub.ActivityPub
+  alias Pleroma.User
 
   import Pleroma.Factory
+  import ExUnit.CaptureLog
+
+  setup_all do
+    Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
+    :ok
+  end
 
   describe "general origin containment" do
+    test "works for completely actorless posts" do
+      assert :error ==
+               Containment.contain_origin("https://glaceon.social/users/monorail", %{
+                 "deleted" => "2019-10-30T05:48:50.249606Z",
+                 "formerType" => "Note",
+                 "id" => "https://glaceon.social/users/monorail/statuses/103049757364029187",
+                 "type" => "Tombstone"
+               })
+    end
+
     test "contain_origin_from_id() catches obvious spoofing attempts" do
       data = %{
         "id" => "http://example.com/~alyssa/activities/1234.json"
@@ -45,7 +64,7 @@ defmodule Pleroma.Object.ContainmentTest do
     end
 
     test "users cannot be collided through fake direction spoofing attempts" do
-      user =
+      _user =
         insert(:user, %{
           nickname: "rye@niu.moe",
           local: false,
@@ -53,14 +72,54 @@ defmodule Pleroma.Object.ContainmentTest do
           follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
         })
 
-      {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
+      assert capture_log(fn ->
+               {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
+             end) =~
+               "[error] Could not decode user at fetch https://n1u.moe/users/rye"
     end
 
-    test "all objects with fake directions are rejected by the object fetcher" do
-      {:error, _} =
-        ActivityPub.fetch_and_contain_remote_object_from_id(
-          "https://info.pleroma.site/activity4.json"
-        )
+    test "contain_origin_from_id() gracefully handles cases where no ID is present" do
+      data = %{
+        "type" => "Create",
+        "object" => %{
+          "id" => "http://example.net/~alyssa/activities/1234",
+          "attributedTo" => "http://example.org/~alyssa"
+        },
+        "actor" => "http://example.com/~bob"
+      }
+
+      :error =
+        Containment.contain_origin_from_id("http://example.net/~alyssa/activities/1234", data)
+    end
+  end
+
+  describe "containment of children" do
+    test "contain_child() catches spoofing attempts" do
+      data = %{
+        "id" => "http://example.com/whatever",
+        "type" => "Create",
+        "object" => %{
+          "id" => "http://example.net/~alyssa/activities/1234",
+          "attributedTo" => "http://example.org/~alyssa"
+        },
+        "actor" => "http://example.com/~bob"
+      }
+
+      :error = Containment.contain_child(data)
+    end
+
+    test "contain_child() allows correct origins" do
+      data = %{
+        "id" => "http://example.org/~alyssa/activities/5678",
+        "type" => "Create",
+        "object" => %{
+          "id" => "http://example.org/~alyssa/activities/1234",
+          "attributedTo" => "http://example.org/~alyssa"
+        },
+        "actor" => "http://example.org/~alyssa"
+      }
+
+      :ok = Containment.contain_child(data)
     end
   end
 end