From: William Pitcock Date: Sat, 17 Nov 2018 18:24:58 +0000 (+0000) Subject: tests: add a second spoofing variant X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=b483ae0a724a2b76e8c61f63a96d7867339dacb1;p=akkoma tests: add a second spoofing variant
---
diff --git a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json
new file mode 100644
index 000000000..1df73f2c5
--- /dev/null
+++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json
@@ -0,0 +1,13 @@
+{
+ "@context": "https://www.w3.org/ns/activitystreams",
+ "attributedTo": "http://mastodon.example.org/users/admin",
+ "attachment": [],
+ "content": "

this post was not actually written by Haelwenn

",
+ "id": "https://info.pleroma.site/activity2.json",
+ "published": "2018-09-01T22:15:00Z",
+ "tag": [],
+ "to": [
+ "https://www.w3.org/ns/activitystreams#Public"
+ ],
+ "type": "Note"
+}
diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex
index 2ea10910e..ebd1e9c4d 100644
--- a/test/support/httpoison_mock.ex
+++ b/test/support/httpoison_mock.ex
@@ -48,6 +48,14 @@ defmodule HTTPoisonMock do
 }}
 end
 
+ def get("https://info.pleroma.site/activity3.json", _, _) do
+ {:ok,
+ %Response{
+ status_code: 200,
+ body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity3.json")
+ }}
+ end
+
 def get("https://info.pleroma.site/actor.json", _, _) do
 {:ok,
 %Response{
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index e5308d125..6320b5b6e 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -884,11 +884,11 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 :error = Transmogrifier.handle_incoming(data)
 end
 
- test "it rejects objects when the ID does not match the fetched URI" do
+ test "it rejects objects when attributedTo is wrong (variant 1)" do
 {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json")
 end
 
- test "it rejects activities which reference objects by mismatched URI" do
+ test "it rejects activities which reference objects that have an incorrect attribution (variant 1)" do
 data = %{
 "@context" => "https://www.w3.org/ns/activitystreams",
 "id" => "http://mastodon.example.org/users/admin/activities/1234",
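Review bot: In test/support/httpoison_mock.ex the new `get/3` clause for `activity3.json` serves a fixture whose own `"id"` is `https://info.pleroma.site/activity2.json`, and nothing records that this mismatch is deliberate. A later cleanup that "corrects" the id would quietly remove the spoofing case this commit adds. A comment above the clause would keep it, for example `# Spoofing fixture: served from activity3.json but claims activity2.json's id and a mastodon.example.org author.` The clause is complete in the hunk; the HTTPoisonMock module starts and ends outside it.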
@@ -900,5 +900,22 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
 :error = Transmogrifier.handle_incoming(data)
 end
+
+ test "it rejects objects when attributedTo is wrong (variant 2)" do
+ {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity3.json")
+ end
+
+ test "it rejects activities which reference objects that have an incorrect attribution (variant 2)" do
+ data = %{
+ "@context" => "https://www.w3.org/ns/activitystreams",
+ "id" => "http://mastodon.example.org/users/admin/activities/1234",
+ "actor" => "http://mastodon.example.org/users/admin",
+ "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+ "object" => "https://info.pleroma.site/activity3.json",
+ "type" => "Announce"
+ }
+
+ :error = Transmogrifier.handle_incoming(data)
+ end
 end
 end
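Review bot: The two variant 2 tests accept any failure, because `{:error, _} = ActivityPub.fetch_object_from_id(...)` and `:error = Transmogrifier.handle_incoming(data)` match every error and not only a rejected attribution. They would still pass if the fixture could not be fetched or the Announce were refused for an unrelated reason, so they do not prove that the spoofing check ran. The activity3.json fixture also differs from the fetched URL in its `id` as well as in the host of `attributedTo`, so the name "attributedTo is wrong" does not say which check is under test. If the fetch path returns a distinguishable reason, matching on it and asserting afterwards that no object with the spoofed id was stored would make these real regression tests; the variant 1 tests renamed in the previous hunk have the same shape. The enclosing test block and module start outside the hunk.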