tests: add additional spoofing tests

author William Pitcock <nenolod@dereferenced.org>

Sat, 17 Nov 2018 18:12:11 +0000 (18:12 +0000)

committer William Pitcock <nenolod@dereferenced.org>

Sat, 17 Nov 2018 18:12:11 +0000 (18:12 +0000)
author William Pitcock <nenolod@dereferenced.org>
Sat, 17 Nov 2018 18:12:11 +0000 (18:12 +0000)
committer William Pitcock <nenolod@dereferenced.org>
Sat, 17 Nov 2018 18:12:11 +0000 (18:12 +0000)
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs

index 9250598f425ac877661e452c8134ae47258e3777..0ba969263583bec742310ca90733632275bd8e6c 100644 (file)
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -883,5 +883,22 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
  
        :error = Transmogrifier.handle_incoming(data)
      end
+
+    test "it rejects objects when the ID does not match the fetched URI" do
+      {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json")
+    end
+
+    test "it rejects activities which reference objects by mismatched URI" do
+      data = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "id" => "http://mastodon.example.org/users/admin/activities/1234",
+        "actor" => "http://mastodon.example.org/users/admin",
+        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+        "object" => "https://info.pleroma.site/activity2.json",
+        "type" => "Announce"
+      }
+
+      :error = Transmogrifier.handle_incoming(data)
+    end
    end
  end
author	William Pitcock <nenolod@dereferenced.org>
	Sat, 17 Nov 2018 18:12:11 +0000 (18:12 +0000)
committer	William Pitcock <nenolod@dereferenced.org>
	Sat, 17 Nov 2018 18:12:11 +0000 (18:12 +0000)