Add test for handling Announces with inlined object from different origin

diff --git a/test/fixtures/bogus-mastodon-announce.json b/test/fixtures/bogus-mastodon-announce.json
new file mode 100644 (file)
index 0000000..0485b80
--- /dev/null
+++ b/test/fixtures/bogus-mastodon-announce.json
@@ -0,0 +1,43 @@
+{
+  "type": "Announce",
+  "to": [
+    "https://www.w3.org/ns/activitystreams#Public"
+  ],
+  "published": "2018-02-17T19:39:15Z",
+  "object": {
+    "type": "Note",
+    "id": "https://mastodon.social/users/emelie/statuses/101849165031453404",
+    "attributedTo": "https://mastodon.social/users/emelie",
+    "content": "this is a public toot",
+    "to": [
+      "https://www.w3.org/ns/activitystreams#Public"
+    ],
+    "cc": [
+      "https://mastodon.social/users/emelie",
+      "https://mastodon.social/users/emelie/followers"
+    ]
+  },
+  "id": "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity",
+  "cc": [
+    "http://mastodon.example.org/users/admin",
+    "http://mastodon.example.org/users/admin/followers"
+  ],
+  "atomUri": "http://mastodon.example.org/users/admin/statuses/99542391527669785/activity",
+  "actor": "http://mastodon.example.org/users/admin",
+  "@context": [
+    "https://www.w3.org/ns/activitystreams",
+    "https://w3id.org/security/v1",
+    {
+      "toot": "http://joinmastodon.org/ns#",
+      "sensitive": "as:sensitive",
+      "ostatus": "http://ostatus.org#",
+      "movedTo": "as:movedTo",
+      "manuallyApprovesFollowers": "as:manuallyApprovesFollowers",
+      "inReplyToAtomUri": "ostatus:inReplyToAtomUri",
+      "conversation": "ostatus:conversation",
+      "atomUri": "ostatus:atomUri",
+      "Hashtag": "as:Hashtag",
+      "Emoji": "toot:Emoji"
+    }
+  ]
+}

diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
index 7a87a2b357056b97b84ddbc9066c6a17b0084cbf..b825a93075b7d856fd8391dac67e26ef86a5aa52 100644 (file)
--- a/test/support/http_request_mock.ex
+++ b/test/support/http_request_mock.ex
@@ -46,6 +46,14 @@ defmodule HttpRequestMock do
      }}
   end
 
+  def get("https://mastodon.social/users/emelie/statuses/101849165031453404", _, _, _) do
+    {:ok,
+     %Tesla.Env{
+       status: 404,
+       body: ""
+     }}
+  end
+
   def get("https://mastodon.social/users/emelie", _, _, _) do
     {:ok,
      %Tesla.Env{

diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index d25334104044348c86495e628283a055264092ce..02f60670933ffa457b425e745b1d0df9762e12c3 100644 (file)
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -461,6 +461,14 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
       assert object.data["content"] == "this is a private toot"
     end
 
+    test "it rejects incoming announces with an inlined activity from another origin" do
+      data =
+        File.read!("test/fixtures/bogus-mastodon-announce.json")
+        |> Poison.decode!()
+
+      assert :error = Transmogrifier.handle_incoming(data)
+    end
+
     test "it does not clobber the addressing on announce activities" do
       user = insert(:user)
       {:ok, activity} = CommonAPI.post(user, %{"status" => "hey"})