--- /dev/null
+{
+ "@context": "https://www.w3.org/ns/activitystreams",
+ "actor": "https://mastodon.example.org/users/admin",
+ "attachment": [],
+ "attributedTo": "https://mastodon.example.org/users/admin",
+ "content": "<p>this post was not actually written by Haelwenn</p>",
+ "id": "https://info.pleroma.site/activity.json",
+ "published": "2018-09-01T22:15:00Z",
+ "tag": [],
+ "to": [
+ "https://www.w3.org/ns/activitystreams#Public"
+ ],
+ "type": "Note"
+}
def get(url, body \\ [], headers \\ [])
+ def get("https://info.pleroma.site/activity.json", _, _) do
+ {:ok,
+ %Response{
+ status_code: 200,
+ body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity.json")
+ }}
+ end
+
def get("https://puckipedia.com/", [Accept: "application/activity+json"], _) do
{:ok,
%Response{
assert rewritten["url"] == "http://example.com"
end
end
+
+ describe "actor origin containment" do
+ test "it rejects objects with a bogus origin" do
+ {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity.json")
+ end
+
+ test "it rejects activities which reference objects with bogus origins" do
+ user = insert(:user, %{local: false})
+
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "id" => user.ap_id <> "/activities/1234",
+ "actor" => user.ap_id,
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "object" => "https://info.pleroma.site/activity.json",
+ "type" => "Announce"
+ }
+
+ :error = Transmogrifier.handle_incoming(data)
+ end
+ end
end
projects / akkoma / commitdiff