2018-12-23 20:11:29 +00:00
|
|
|
# Pleroma: A lightweight social networking server
|
2021-01-13 06:49:20 +00:00
|
|
|
# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
|
2018-12-23 20:11:29 +00:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2017-04-17 11:44:41 +00:00
|
|
|
defmodule Pleroma.Web.WebFingerTest do
|
2023-08-01 10:43:50 +00:00
|
|
|
use Pleroma.DataCase
|
2017-04-28 15:41:12 +00:00
|
|
|
alias Pleroma.Web.WebFinger
|
2017-04-30 13:00:04 +00:00
|
|
|
import Pleroma.Factory
|
2018-12-02 19:05:28 +00:00
|
|
|
import Tesla.Mock
|
|
|
|
|
|
|
|
setup do
|
2024-05-22 18:30:03 +00:00
|
|
|
mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)
|
2018-12-02 19:05:28 +00:00
|
|
|
:ok
|
|
|
|
end
|
2017-04-17 11:44:41 +00:00
|
|
|
|
|
|
|
describe "host meta" do
|
|
|
|
test "returns a link to the xml lrdd" do
|
2017-04-28 15:41:12 +00:00
|
|
|
host_info = WebFinger.host_meta()
|
2017-04-17 11:44:41 +00:00
|
|
|
|
2021-05-31 20:09:11 +00:00
|
|
|
assert String.contains?(host_info, Pleroma.Web.Endpoint.url())
|
2017-04-17 11:44:41 +00:00
|
|
|
end
|
|
|
|
end
|
2017-04-28 15:41:12 +00:00
|
|
|
|
2017-05-01 11:51:17 +00:00
|
|
|
describe "incoming webfinger request" do
|
|
|
|
test "works for fqns" do
|
|
|
|
user = insert(:user)
|
|
|
|
|
2018-03-30 13:01:53 +00:00
|
|
|
{:ok, result} =
|
|
|
|
WebFinger.webfinger("#{user.nickname}@#{Pleroma.Web.Endpoint.host()}", "XML")
|
|
|
|
|
2017-05-01 11:51:17 +00:00
|
|
|
assert is_binary(result)
|
|
|
|
end
|
|
|
|
|
|
|
|
test "works for ap_ids" do
|
|
|
|
user = insert(:user)
|
|
|
|
|
2018-03-21 17:58:31 +00:00
|
|
|
{:ok, result} = WebFinger.webfinger(user.ap_id, "XML")
|
2017-05-01 11:51:17 +00:00
|
|
|
assert is_binary(result)
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
2017-04-28 15:41:12 +00:00
|
|
|
describe "fingering" do
|
2020-08-25 15:35:59 +00:00
|
|
|
test "returns error for nonsensical input" do
|
|
|
|
assert {:error, _} = WebFinger.finger("bliblablu")
|
|
|
|
assert {:error, _} = WebFinger.finger("pleroma.social")
|
|
|
|
end
|
|
|
|
|
2021-03-18 10:49:03 +00:00
|
|
|
test "returns error when there is no content-type header" do
|
|
|
|
Tesla.Mock.mock(fn
|
2022-08-02 13:54:22 +00:00
|
|
|
%{url: "https://social.heldscal.la/.well-known/host-meta"} ->
|
2021-03-18 10:49:03 +00:00
|
|
|
{:ok,
|
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/tesla_mock/social.heldscal.la_host_meta")
|
|
|
|
}}
|
|
|
|
|
|
|
|
%{
|
|
|
|
url:
|
|
|
|
"https://social.heldscal.la/.well-known/webfinger?resource=acct:invalid_content@social.heldscal.la"
|
|
|
|
} ->
|
|
|
|
{:ok, %Tesla.Env{status: 200, body: ""}}
|
|
|
|
end)
|
|
|
|
|
|
|
|
user = "invalid_content@social.heldscal.la"
|
|
|
|
assert {:error, {:content_type, nil}} = WebFinger.finger(user)
|
|
|
|
end
|
|
|
|
|
2019-07-24 15:13:10 +00:00
|
|
|
test "returns error when fails parse xml or json" do
|
|
|
|
user = "invalid_content@social.heldscal.la"
|
|
|
|
assert {:error, %Jason.DecodeError{}} = WebFinger.finger(user)
|
|
|
|
end
|
|
|
|
|
2018-03-21 19:23:09 +00:00
|
|
|
test "returns the ActivityPub actor URI for an ActivityPub user" do
|
|
|
|
user = "framasoft@framatube.org"
|
|
|
|
|
|
|
|
{:ok, _data} = WebFinger.finger(user)
|
|
|
|
end
|
|
|
|
|
2019-07-24 16:27:34 +00:00
|
|
|
test "it work for AP-only user" do
|
|
|
|
user = "kpherox@mstdn.jp"
|
|
|
|
|
|
|
|
{:ok, data} = WebFinger.finger(user)
|
|
|
|
|
|
|
|
assert data["magic_key"] == nil
|
|
|
|
assert data["salmon"] == nil
|
|
|
|
|
2020-05-05 07:25:09 +00:00
|
|
|
assert data["topic"] == nil
|
2019-07-24 16:27:34 +00:00
|
|
|
assert data["subject"] == "acct:kPherox@mstdn.jp"
|
|
|
|
assert data["ap_id"] == "https://mstdn.jp/users/kPherox"
|
2020-05-05 07:55:33 +00:00
|
|
|
assert data["subscribe_address"] == "https://mstdn.jp/authorize_interaction?acct={uri}"
|
2019-07-24 16:27:34 +00:00
|
|
|
end
|
|
|
|
|
2017-08-24 10:54:53 +00:00
|
|
|
test "it gets the xrd endpoint" do
|
|
|
|
{:ok, template} = WebFinger.find_lrdd_template("social.heldscal.la")
|
|
|
|
|
|
|
|
assert template == "https://social.heldscal.la/.well-known/webfinger?resource={uri}"
|
|
|
|
end
|
|
|
|
|
|
|
|
test "it gets the xrd endpoint for hubzilla" do
|
|
|
|
{:ok, template} = WebFinger.find_lrdd_template("macgirvin.com")
|
|
|
|
|
|
|
|
assert template == "https://macgirvin.com/xrd/?uri={uri}"
|
|
|
|
end
|
2018-05-21 12:38:12 +00:00
|
|
|
|
|
|
|
test "it gets the xrd endpoint for statusnet" do
|
|
|
|
{:ok, template} = WebFinger.find_lrdd_template("status.alpicola.com")
|
|
|
|
|
2022-08-02 13:54:22 +00:00
|
|
|
assert template == "https://status.alpicola.com/main/xrd?uri={uri}"
|
2018-05-21 12:38:12 +00:00
|
|
|
end
|
2019-07-10 15:23:25 +00:00
|
|
|
|
|
|
|
test "it works with idna domains as nickname" do
|
|
|
|
nickname = "lain@" <> to_string(:idna.encode("zetsubou.みんな"))
|
|
|
|
|
|
|
|
{:ok, _data} = WebFinger.finger(nickname)
|
|
|
|
end
|
|
|
|
|
|
|
|
test "it works with idna domains as link" do
|
|
|
|
ap_id = "https://" <> to_string(:idna.encode("zetsubou.みんな")) <> "/users/lain"
|
|
|
|
{:ok, _data} = WebFinger.finger(ap_id)
|
|
|
|
end
|
2021-03-18 10:49:03 +00:00
|
|
|
|
|
|
|
test "respects json content-type" do
|
|
|
|
Tesla.Mock.mock(fn
|
|
|
|
%{
|
|
|
|
url:
|
|
|
|
"https://mastodon.social/.well-known/webfinger?resource=acct:emelie@mastodon.social"
|
|
|
|
} ->
|
|
|
|
{:ok,
|
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/tesla_mock/webfinger_emelie.json"),
|
|
|
|
headers: [{"content-type", "application/jrd+json"}]
|
|
|
|
}}
|
|
|
|
|
2022-08-02 13:54:22 +00:00
|
|
|
%{url: "https://mastodon.social/.well-known/host-meta"} ->
|
2021-03-18 10:49:03 +00:00
|
|
|
{:ok,
|
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/tesla_mock/mastodon.social_host_meta")
|
|
|
|
}}
|
|
|
|
end)
|
|
|
|
|
|
|
|
{:ok, _data} = WebFinger.finger("emelie@mastodon.social")
|
|
|
|
end
|
|
|
|
|
|
|
|
test "respects xml content-type" do
|
|
|
|
Tesla.Mock.mock(fn
|
|
|
|
%{
|
|
|
|
url: "https://pawoo.net/.well-known/webfinger?resource=acct:pekorino@pawoo.net"
|
|
|
|
} ->
|
|
|
|
{:ok,
|
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/tesla_mock/https___pawoo.net_users_pekorino.xml"),
|
|
|
|
headers: [{"content-type", "application/xrd+xml"}]
|
|
|
|
}}
|
|
|
|
|
2022-08-02 13:54:22 +00:00
|
|
|
%{url: "https://pawoo.net/.well-known/host-meta"} ->
|
2021-03-18 10:49:03 +00:00
|
|
|
{:ok,
|
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/tesla_mock/pawoo.net_host_meta")
|
|
|
|
}}
|
|
|
|
end)
|
|
|
|
|
|
|
|
{:ok, _data} = WebFinger.finger("pekorino@pawoo.net")
|
|
|
|
end
|
2024-05-22 18:08:37 +00:00
|
|
|
|
|
|
|
test "prevents spoofing" do
|
|
|
|
Tesla.Mock.mock(fn
|
|
|
|
%{
|
|
|
|
url: "https://bad.com/.well-known/webfinger?resource=acct:meanie@bad.com"
|
|
|
|
} ->
|
|
|
|
{:ok,
|
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/tesla_mock/webfinger_spoof.json"),
|
|
|
|
headers: [{"content-type", "application/jrd+json"}]
|
|
|
|
}}
|
|
|
|
|
|
|
|
%{url: "https://bad.com/.well-known/host-meta"} ->
|
|
|
|
{:ok,
|
|
|
|
%Tesla.Env{
|
|
|
|
status: 200,
|
|
|
|
body: File.read!("test/fixtures/tesla_mock/bad.com_host_meta")
|
|
|
|
}}
|
|
|
|
end)
|
|
|
|
|
|
|
|
{:error, _data} = WebFinger.finger("meanie@bad.com")
|
|
|
|
end
|
2017-04-28 15:41:12 +00:00
|
|
|
end
|
2024-05-22 18:17:34 +00:00
|
|
|
|
|
|
|
@tag capture_log: true
|
|
|
|
test "prevents forgeries" do
|
|
|
|
Tesla.Mock.mock(fn
|
|
|
|
%{url: "https://bad.com/.well-known/webfinger?resource=acct:meanie@bad.com"} ->
|
|
|
|
fake_webfinger =
|
|
|
|
File.read!("test/fixtures/webfinger/imposter-webfinger.json") |> Jason.decode!()
|
|
|
|
|
|
|
|
Tesla.Mock.json(fake_webfinger)
|
|
|
|
|
|
|
|
%{url: "https://bad.com/.well-known/host-meta"} ->
|
|
|
|
{:ok, %Tesla.Env{status: 404}}
|
|
|
|
end)
|
|
|
|
|
|
|
|
assert {:error, {:webfinger_invalid, _, _}} = WebFinger.finger("meanie@bad.com")
|
|
|
|
end
|
2017-04-17 11:44:41 +00:00
|
|
|
end
|