assert User.following?(follower, followed) == false
end
+
+ test "it rejects activities without a valid ID" do
+ user = insert(:user)
+
+ data =
+ File.read!("test/fixtures/mastodon-follow-activity.json")
+ |> Poison.decode!()
+ |> Map.put("object", user.ap_id)
+ |> Map.put("id", "")
+
+ :error = Transmogrifier.handle_incoming(data)
+ end
end
describe "prepare outgoing" do
assert rewritten["url"] == "http://example.com"
end
end
+
+ describe "actor origin containment" do
+ test "it rejects objects with a bogus origin" do
+ {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity.json")
+ end
+
+ test "it rejects activities which reference objects with bogus origins" do
+ user = insert(:user, %{local: false})
+
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "id" => user.ap_id <> "/activities/1234",
+ "actor" => user.ap_id,
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "object" => "https://info.pleroma.site/activity.json",
+ "type" => "Announce"
+ }
+
+ :error = Transmogrifier.handle_incoming(data)
+ end
+ end
end