projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge remote-tracking branch 'upstream/develop' into feature/move-activity
[akkoma] / test / object / containment_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Object.ContainmentTest do
6 use Pleroma.DataCase
7
8 alias Pleroma.Object.Containment
9 alias Pleroma.User
10
11 import Pleroma.Factory
12 import ExUnit.CaptureLog
13
14 setup_all do
15 Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
16 :ok
17 end
18
19 describe "general origin containment" do
20 test "works for completely actorless posts" do
21 assert :error ==
22 Containment.contain_origin("https://glaceon.social/users/monorail", %{
23 "deleted" => "2019-10-30T05:48:50.249606Z",
24 "formerType" => "Note",
25 "id" => "https://glaceon.social/users/monorail/statuses/103049757364029187",
26 "type" => "Tombstone"
27 })
28 end
29
30 test "contain_origin_from_id() catches obvious spoofing attempts" do
31 data = %{
32 "id" => "http://example.com/~alyssa/activities/1234.json"
33 }
34
35 :error =
36 Containment.contain_origin_from_id(
37 "http://example.org/~alyssa/activities/1234.json",
38 data
39 )
40 end
41
42 test "contain_origin_from_id() allows alternate IDs within the same origin domain" do
43 data = %{
44 "id" => "http://example.com/~alyssa/activities/1234.json"
45 }
46
47 :ok =
48 Containment.contain_origin_from_id(
49 "http://example.com/~alyssa/activities/1234",
50 data
51 )
52 end
53
54 test "contain_origin_from_id() allows matching IDs" do
55 data = %{
56 "id" => "http://example.com/~alyssa/activities/1234.json"
57 }
58
59 :ok =
60 Containment.contain_origin_from_id(
61 "http://example.com/~alyssa/activities/1234.json",
62 data
63 )
64 end
65
66 test "users cannot be collided through fake direction spoofing attempts" do
67 _user =
68 insert(:user, %{
69 nickname: "rye@niu.moe",
70 local: false,
71 ap_id: "https://niu.moe/users/rye",
72 follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
73 })
74
75 assert capture_log(fn ->
76 {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
77 end) =~
78 "[error] Could not decode user at fetch https://n1u.moe/users/rye"
79 end
80
81 test "contain_origin_from_id() gracefully handles cases where no ID is present" do
82 data = %{
83 "type" => "Create",
84 "object" => %{
85 "id" => "http://example.net/~alyssa/activities/1234",
86 "attributedTo" => "http://example.org/~alyssa"
87 },
88 "actor" => "http://example.com/~bob"
89 }
90
91 :error =
92 Containment.contain_origin_from_id("http://example.net/~alyssa/activities/1234", data)
93 end
94 end
95
96 describe "containment of children" do
97 test "contain_child() catches spoofing attempts" do
98 data = %{
99 "id" => "http://example.com/whatever",
100 "type" => "Create",
101 "object" => %{
102 "id" => "http://example.net/~alyssa/activities/1234",
103 "attributedTo" => "http://example.org/~alyssa"
104 },
105 "actor" => "http://example.com/~bob"
106 }
107
108 :error = Containment.contain_child(data)
109 end
110
111 test "contain_child() allows correct origins" do
112 data = %{
113 "id" => "http://example.org/~alyssa/activities/5678",
114 "type" => "Create",
115 "object" => %{
116 "id" => "http://example.org/~alyssa/activities/1234",
117 "attributedTo" => "http://example.org/~alyssa"
118 },
119 "actor" => "http://example.org/~alyssa"
120 }
121
122 :ok = Containment.contain_child(data)
123 end
124 end
125 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git