X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fobject%2Fcontainment_test.exs;h=0dc2728b9a0a44a70d7455171120d5f5a6a11ff2;hb=4ea1a61b008c932bc83fcd6cd07bb7f4c251204a;hp=1beed623646936ce43fd3bee76203ee119f2b640;hpb=93a0eeab16dc98b9278ee8649b233c3acd7807ec;p=akkoma

diff --git a/test/object/containment_test.exs b/test/object/containment_test.exs
index 1beed6236..0dc2728b9 100644
--- a/test/object/containment_test.exs
+++ b/test/object/containment_test.exs
@@ -65,7 +65,37 @@ defmodule Pleroma.Object.ContainmentTest do
       assert capture_log(fn ->
                {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
              end) =~
-               "[error] Could not decode user at fetch https://n1u.moe/users/rye, {:error, :error}"
+               "[error] Could not decode user at fetch https://n1u.moe/users/rye"
+    end
+  end
+
+  describe "containment of children" do
+    test "contain_child() catches spoofing attempts" do
+      data = %{
+        "id" => "http://example.com/whatever",
+        "type" => "Create",
+        "object" => %{
+          "id" => "http://example.net/~alyssa/activities/1234",
+          "attributedTo" => "http://example.org/~alyssa"
+        },
+        "actor" => "http://example.com/~bob"
+      }
+
+      :error = Containment.contain_child(data)
+    end
+
+    test "contain_child() allows correct origins" do
+      data = %{
+        "id" => "http://example.org/~alyssa/activities/5678",
+        "type" => "Create",
+        "object" => %{
+          "id" => "http://example.org/~alyssa/activities/1234",
+          "attributedTo" => "http://example.org/~alyssa"
+        },
+        "actor" => "http://example.org/~alyssa"
+      }
+
+      :ok = Containment.contain_child(data)
     end
   end
 end