tests: add a test to verify the general fake direction protection works in all cases

2018-11-17 20:31:20 +00:00 · 2018-11-17 20:31:20 +00:00 · 55640c4804
commit 55640c4804
parent dc1d8e13b4
3 changed files with 28 additions and 0 deletions
--- a/test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json
+++ b/test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json
@ -0,0 +1,13 @@
+{
+        "@context": "https://www.w3.org/ns/activitystreams",
+        "attributedTo": "http://mastodon.example.org/users/admin",
+        "attachment": [],
+        "content": "<p>this post was not actually written by Haelwenn</p>",
+        "id": "http://mastodon.example.org/users/admin/activities/1234",
+        "published": "2018-09-01T22:15:00Z",
+        "tag": [],
+        "to": [
+            "https://www.w3.org/ns/activitystreams#Public"
+        ],
+        "type": "Note"
+}
--- a/test/support/httpoison_mock.ex
+++ b/test/support/httpoison_mock.ex
@ -56,6 +56,14 @@ def get("https://info.pleroma.site/activity3.json", _, _) do
     }}
  end

+  def get("https://info.pleroma.site/activity4.json", _, _) do
+    {:ok,
+     %Response{
+       status_code: 200,
+       body: File.read!("test/fixtures/httpoison_mock/https__info.pleroma.site_activity4.json")
+     }}
+  end
+
  def get("https://info.pleroma.site/actor.json", _, _) do
    {:ok,
     %Response{
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@ -967,5 +967,12 @@ test "users cannot be collided through fake direction spoofing attempts" do

      {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
    end
+
+    test "all objects with fake directions are rejected by the object fetcher" do
+      {:error, _} =
+        ActivityPub.fetch_and_contain_remote_object_from_id(
+          "https://info.pleroma.site/activity4.json"
+        )
+    end
  end
 end