1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Object.ContainmentTest do
8 alias Pleroma.Object.Containment
11 import Pleroma.Factory
12 import ExUnit.CaptureLog
15 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
19 describe "general origin containment" do
20 test "contain_origin_from_id() catches obvious spoofing attempts" do
22 "id" => "http://example.com/~alyssa/activities/1234.json"
26 Containment.contain_origin_from_id(
27 "http://example.org/~alyssa/activities/1234.json",
32 test "contain_origin_from_id() allows alternate IDs within the same origin domain" do
34 "id" => "http://example.com/~alyssa/activities/1234.json"
38 Containment.contain_origin_from_id(
39 "http://example.com/~alyssa/activities/1234",
44 test "contain_origin_from_id() allows matching IDs" do
46 "id" => "http://example.com/~alyssa/activities/1234.json"
50 Containment.contain_origin_from_id(
51 "http://example.com/~alyssa/activities/1234.json",
56 test "users cannot be collided through fake direction spoofing attempts" do
59 nickname: "rye@niu.moe",
61 ap_id: "https://niu.moe/users/rye",
62 follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
65 assert capture_log(fn ->
66 {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
68 "[error] Could not decode user at fetch https://n1u.moe/users/rye, {:error, :error}"
72 describe "containment of children" do
73 test "contain_child() catches spoofing attempts" do
75 "id" => "http://example.com/whatever",
78 "id" => "http://example.net/~alyssa/activities/1234",
79 "attributedTo" => "http://example.org/~alyssa"
81 "actor" => "http://example.com/~bob"
84 :error = Containment.contain_child(data)
87 test "contain_child() allows correct origins" do
89 "id" => "http://example.org/~alyssa/activities/5678",
92 "id" => "http://example.org/~alyssa/activities/1234",
93 "attributedTo" => "http://example.org/~alyssa"
95 "actor" => "http://example.org/~alyssa"
98 :ok = Containment.contain_child(data)