More fixes.

[akkoma] / test / web / activity_pub / transmogrifier_test.exs

diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index b8adf3b8acefea48bfa248884efaa3b92e53a92e..e74b8f9a129efb099c64c9bde87a60fd8f723aa5 100644 (file)
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -92,7 +92,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       user = User.get_by_ap_id(object["actor"])
 
-      assert user.info["note_count"] == 1
+      assert user.info.note_count == 1
     end
 
     test "it works for incoming notices with hashtags" do
@@ -307,7 +307,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
                }
              ]
 
-      assert user.info["banner"]["url"] == [
+      assert user.info.banner["url"] == [
                %{
                  "href" =>
                    "https://cd.niu.moe/accounts/headers/000/033/323/original/850b3448fa5fd477.png"
@@ -337,7 +337,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       {:ok, %Activity{data: data, local: false}} = Transmogrifier.handle_incoming(update_data)
 
       user = User.get_cached_by_ap_id(data["actor"])
-      assert user.info["locked"] == true
+      assert user.info.locked == true
     end
 
     test "it works for incoming deletes" do
@@ -361,6 +361,26 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       refute Repo.get(Activity, activity.id)
     end
 
+    test "it fails for incoming deletes with spoofed origin" do
+      activity = insert(:note_activity)
+
+      data =
+        File.read!("test/fixtures/mastodon-delete.json")
+        |> Poison.decode!()
+
+      object =
+        data["object"]
+        |> Map.put("id", activity.data["object"]["id"])
+
+      data =
+        data
+        |> Map.put("object", object)
+
+      :error = Transmogrifier.handle_incoming(data)
+
+      assert Repo.get(Activity, activity.id)
+    end
+
     test "it works for incoming unannounces with an existing notice" do
       user = insert(:user)
       {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})
@@ -523,7 +543,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it works for incoming accepts which were orphaned" do
       follower = insert(:user)
-      followed = insert(:user, %{info: %{"locked" => true}})
+      followed = insert(:user, %{info: %User.Info{locked: true}})
 
       {:ok, follow_activity} = ActivityPub.follow(follower, followed)
 
@@ -545,7 +565,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it works for incoming accepts which are referenced by IRI only" do
       follower = insert(:user)
-      followed = insert(:user, %{info: %{"locked" => true}})
+      followed = insert(:user, %{info: %User.Info{locked: true}})
 
       {:ok, follow_activity} = ActivityPub.follow(follower, followed)
 
@@ -565,7 +585,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it fails for incoming accepts which cannot be correlated" do
       follower = insert(:user)
-      followed = insert(:user, %{info: %{"locked" => true}})
+      followed = insert(:user, %{info: %User.Info{locked: true}})
 
       accept_data =
         File.read!("test/fixtures/mastodon-accept-activity.json")
@@ -584,7 +604,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it fails for incoming rejects which cannot be correlated" do
       follower = insert(:user)
-      followed = insert(:user, %{info: %{"locked" => true}})
+      followed = insert(:user, %{info: %User.Info{locked: true}})
 
       accept_data =
         File.read!("test/fixtures/mastodon-reject-activity.json")
@@ -603,7 +623,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it works for incoming rejects which are orphaned" do
       follower = insert(:user)
-      followed = insert(:user, %{info: %{"locked" => true}})
+      followed = insert(:user, %{info: %User.Info{locked: true}})
 
       {:ok, follower} = User.follow(follower, followed)
       {:ok, _follow_activity} = ActivityPub.follow(follower, followed)
@@ -628,7 +648,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
     test "it works for incoming rejects which are referenced by IRI only" do
       follower = insert(:user)
-      followed = insert(:user, %{info: %{"locked" => true}})
+      followed = insert(:user, %{info: %User.Info{locked: true}})
 
       {:ok, follower} = User.follow(follower, followed)
       {:ok, follow_activity} = ActivityPub.follow(follower, followed)
@@ -795,18 +815,18 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert "http://localhost:4001/users/rye@niu.moe/followers" in activity.recipients
 
       user = Repo.get(User, user.id)
-      assert user.info["note_count"] == 1
+      assert user.info.note_count == 1
 
       {:ok, user} = Transmogrifier.upgrade_user_from_ap_id("https://niu.moe/users/rye")
-      assert user.info["ap_enabled"]
-      assert user.info["note_count"] == 1
+      assert user.info.ap_enabled
+      assert user.info.note_count == 1
       assert user.follower_address == "https://niu.moe/users/rye/followers"
 
       # Wait for the background task
       :timer.sleep(1000)
 
       user = Repo.get(User, user.id)
-      assert user.info["note_count"] == 1
+      assert user.info.note_count == 1
 
       activity = Repo.get(Activity, activity.id)
       assert user.follower_address in activity.recipients
@@ -827,7 +847,7 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
                      "https://cdn.niu.moe/accounts/headers/000/033/323/original/850b3448fa5fd477.png"
                  }
                ]
-             } = user.info["banner"]
+             } = user.info.banner
 
       refute "..." in activity.recipients
 
@@ -955,5 +975,24 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
           data
         )
     end
+
+    test "users cannot be collided through fake direction spoofing attempts" do
+      user =
+        insert(:user, %{
+          nickname: "rye@niu.moe",
+          local: false,
+          ap_id: "https://niu.moe/users/rye",
+          follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
+        })
+
+      {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
+    end
+
+    test "all objects with fake directions are rejected by the object fetcher" do
+      {:error, _} =
+        ActivityPub.fetch_and_contain_remote_object_from_id(
+          "https://info.pleroma.site/activity4.json"
+        )
+    end
   end
 end