X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fpleroma%2Fobject%2Ffetcher_test.exs;h=d9172a3ec29ef472ecc876136f4c0bacfcb6cb38;hb=6fd4163ab60be07b1a20ac8911e105ddca8e2095;hp=14d2c645fe4fbbbc83f62bc70b157eef0e9ff345;hpb=049ece1ef38f1aeb656a88ed1d15bf3d4a364e01;p=akkoma
diff --git a/test/pleroma/object/fetcher_test.exs b/test/pleroma/object/fetcher_test.exs
index 14d2c645f..d9172a3ec 100644
--- a/test/pleroma/object/fetcher_test.exs
+++ b/test/pleroma/object/fetcher_test.exs
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors
+# Copyright © 2017-2021 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Object.FetcherTest do
@@ -21,6 +21,17 @@ defmodule Pleroma.Object.FetcherTest do
%{method: :get, url: "https://mastodon.example.org/users/userisgone404"} ->
%Tesla.Env{status: 404}
+ %{
+ method: :get,
+ url:
+ "https://patch.cx/media/03ca3c8b4ac3ddd08bf0f84be7885f2f88de0f709112131a22d83650819e36c2.json"
+ } ->
+ %Tesla.Env{
+ status: 200,
+ headers: [{"content-type", "application/json"}],
+ body: File.read!("test/fixtures/spoofed-object.json")
+ }
+
env ->
apply(HttpRequestMock, :request, [env])
end)
@@ -34,19 +45,22 @@ defmodule Pleroma.Object.FetcherTest do
%{method: :get, url: "https://social.sakamoto.gq/notice/9wTkLEnuq47B25EehM"} ->
%Tesla.Env{
status: 200,
- body: File.read!("test/fixtures/fetch_mocks/9wTkLEnuq47B25EehM.json")
+ body: File.read!("test/fixtures/fetch_mocks/9wTkLEnuq47B25EehM.json"),
+ headers: HttpRequestMock.activitypub_object_headers()
}
%{method: :get, url: "https://social.sakamoto.gq/users/eal"} ->
%Tesla.Env{
status: 200,
- body: File.read!("test/fixtures/fetch_mocks/eal.json")
+ body: File.read!("test/fixtures/fetch_mocks/eal.json"),
+ headers: HttpRequestMock.activitypub_object_headers()
}
%{method: :get, url: "https://busshi.moe/users/tuxcrafting/statuses/104410921027210069"} ->
%Tesla.Env{
status: 200,
- body: File.read!("test/fixtures/fetch_mocks/104410921027210069.json")
+ body: File.read!("test/fixtures/fetch_mocks/104410921027210069.json"),
+ headers: HttpRequestMock.activitypub_object_headers()
}
%{method: :get, url: "https://busshi.moe/users/tuxcrafting"} ->
@@ -132,6 +146,13 @@ defmodule Pleroma.Object.FetcherTest do
"http://mastodon.example.org/@admin/99541947525187367"
)
end
+
+ test "it does not fetch a spoofed object uploaded on an instance as an attachment" do
+ assert {:error, _} =
+ Fetcher.fetch_object_from_id(
+ "https://patch.cx/media/03ca3c8b4ac3ddd08bf0f84be7885f2f88de0f709112131a22d83650819e36c2.json"
+ )
+ end
end
describe "implementation quirks" do