Merge branch 'develop' into feature/admin-api-user-statuses

author: Maxim Filippov <colixer@gmail.com> 2019-07-18 23:38:38 +0300
committer: Maxim Filippov <colixer@gmail.com> 2019-07-18 23:38:38 +0300
commit: 9570a5be405c4cf4f07907eab4ced21e07fa20c9 (patch)
tree: 9575741206d0604e74ab2d8f719c3da0a3002b1d /test/object
parent: 418ae6638d64c915ce4dae742dd493f43c8025d8 (diff)
parent: 16cfee708ec8e9c6cbbeb15432127c7757c5c173 (diff)
download: pleroma-9570a5be405c4cf4f07907eab4ced21e07fa20c9.tar.gz
pleroma-9570a5be405c4cf4f07907eab4ced21e07fa20c9.zip
2 files changed, 79 insertions, 3 deletions
diff --git a/test/object/containment_test.exs b/test/object/containment_test.exs
index 1beed6236..61cd1b412 100644
--- a/test/object/containment_test.exs
+++ b/test/object/containment_test.exs
@@ -68,4 +68,34 @@ defmodule Pleroma.Object.ContainmentTest do
                "[error] Could not decode user at fetch https://n1u.moe/users/rye, {:error, :error}"
     end
   end
+
+  describe "containment of children" do
+    test "contain_child() catches spoofing attempts" do
+      data = %{
+        "id" => "http://example.com/whatever",
+        "type" => "Create",
+        "object" => %{
+          "id" => "http://example.net/~alyssa/activities/1234",
+          "attributedTo" => "http://example.org/~alyssa"
+        },
+        "actor" => "http://example.com/~bob"
+      }
+
+      :error = Containment.contain_child(data)
+    end
+
+    test "contain_child() allows correct origins" do
+      data = %{
+        "id" => "http://example.org/~alyssa/activities/5678",
+        "type" => "Create",
+        "object" => %{
+          "id" => "http://example.org/~alyssa/activities/1234",
+          "attributedTo" => "http://example.org/~alyssa"
+        },
+        "actor" => "http://example.org/~alyssa"
+      }
+
+      :ok = Containment.contain_child(data)
+    end
+  end
 end
diff --git a/test/object/fetcher_test.exs b/test/object/fetcher_test.exs
index 3b666e0d1..482252cff 100644
--- a/test/object/fetcher_test.exs
+++ b/test/object/fetcher_test.exs
@@ -9,6 +9,7 @@ defmodule Pleroma.Object.FetcherTest do
   alias Pleroma.Object
   alias Pleroma.Object.Fetcher
   import Tesla.Mock
+  import Mock
 
   setup do
     mock(fn
@@ -26,16 +27,31 @@ defmodule Pleroma.Object.FetcherTest do
   end
 
   describe "actor origin containment" do
-    test "it rejects objects with a bogus origin" do
+    test_with_mock "it rejects objects with a bogus origin",
+                   Pleroma.Web.OStatus,
+                   [:passthrough],
+                   [] do
       {:error, _} = Fetcher.fetch_object_from_id("https://info.pleroma.site/activity.json")
+
+      refute called(Pleroma.Web.OStatus.fetch_activity_from_url(:_))
     end
 
-    test "it rejects objects when attributedTo is wrong (variant 1)" do
+    test_with_mock "it rejects objects when attributedTo is wrong (variant 1)",
+                   Pleroma.Web.OStatus,
+                   [:passthrough],
+                   [] do
       {:error, _} = Fetcher.fetch_object_from_id("https://info.pleroma.site/activity2.json")
+
+      refute called(Pleroma.Web.OStatus.fetch_activity_from_url(:_))
     end
 
-    test "it rejects objects when attributedTo is wrong (variant 2)" do
+    test_with_mock "it rejects objects when attributedTo is wrong (variant 2)",
+                   Pleroma.Web.OStatus,
+                   [:passthrough],
+                   [] do
       {:error, _} = Fetcher.fetch_object_from_id("https://info.pleroma.site/activity3.json")
+
+      refute called(Pleroma.Web.OStatus.fetch_activity_from_url(:_))
     end
   end
 
@@ -134,4 +150,34 @@ defmodule Pleroma.Object.FetcherTest do
       assert object.id != object_two.id
     end
   end
+
+  describe "signed fetches" do
+    test_with_mock "it signs fetches when configured to do so",
+                   Pleroma.Signature,
+                   [:passthrough],
+                   [] do
+      option = Pleroma.Config.get([:activitypub, :sign_object_fetches])
+      Pleroma.Config.put([:activitypub, :sign_object_fetches], true)
+
+      Fetcher.fetch_object_from_id("http://mastodon.example.org/@admin/99541947525187367")
+
+      assert called(Pleroma.Signature.sign(:_, :_))
+
+      Pleroma.Config.put([:activitypub, :sign_object_fetches], option)
+    end
+
+    test_with_mock "it doesn't sign fetches when not configured to do so",
+                   Pleroma.Signature,
+                   [:passthrough],
+                   [] do
+      option = Pleroma.Config.get([:activitypub, :sign_object_fetches])
+      Pleroma.Config.put([:activitypub, :sign_object_fetches], false)
+
+      Fetcher.fetch_object_from_id("http://mastodon.example.org/@admin/99541947525187367")
+
+      refute called(Pleroma.Signature.sign(:_, :_))
+
+      Pleroma.Config.put([:activitypub, :sign_object_fetches], option)
+    end
+  end
 end
author	Maxim Filippov <colixer@gmail.com>	2019-07-18 23:38:38 +0300
committer	Maxim Filippov <colixer@gmail.com>	2019-07-18 23:38:38 +0300
commit	9570a5be405c4cf4f07907eab4ced21e07fa20c9 (patch)
tree	9575741206d0604e74ab2d8f719c3da0a3002b1d /test/object
parent	418ae6638d64c915ce4dae742dd493f43c8025d8 (diff)
parent	16cfee708ec8e9c6cbbeb15432127c7757c5c173 (diff)
download	pleroma-9570a5be405c4cf4f07907eab4ced21e07fa20c9.tar.gz pleroma-9570a5be405c4cf4f07907eab4ced21e07fa20c9.zip