diff options
| author | kaniini <ariadne@dereferenced.org> | 2019-07-31 18:30:40 +0000 |
|---|---|---|
| committer | kaniini <ariadne@dereferenced.org> | 2019-07-31 18:30:40 +0000 |
| commit | 8980c1c769dab3df91d34a90407d31e09788beff (patch) | |
| tree | e4418f4dbca7f6fb5ddc3025f139e9faa41e59bb /test | |
| parent | 957de9d77151c03c7eb42d71d4dcd533aff1903e (diff) | |
| parent | f72e0b7caddd96da67269552db3102733e4a2581 (diff) | |
| download | pleroma-8980c1c769dab3df91d34a90407d31e09788beff.tar.gz pleroma-8980c1c769dab3df91d34a90407d31e09788beff.zip | |
Merge branch 'hardening/disallow-ostatus-downgrade' into 'develop'
ostatus: explicitly disallow protocol downgrade from activitypub
See merge request pleroma/pleroma!1511
Diffstat (limited to 'test')
| -rw-r--r-- | test/web/ostatus/ostatus_test.exs | 48 |
1 files changed, 45 insertions, 3 deletions
diff --git a/test/web/ostatus/ostatus_test.exs b/test/web/ostatus/ostatus_test.exs index 4e8f3a0fc..d244dbcf7 100644 --- a/test/web/ostatus/ostatus_test.exs +++ b/test/web/ostatus/ostatus_test.exs @@ -426,7 +426,7 @@ defmodule Pleroma.Web.OStatusTest do } end - test "find_make_or_update_user takes an author element and returns an updated user" do + test "find_make_or_update_actor takes an author element and returns an updated user" do uri = "https://social.heldscal.la/user/23211" {:ok, user} = OStatus.find_or_make_user(uri) @@ -439,14 +439,56 @@ defmodule Pleroma.Web.OStatusTest do doc = XML.parse_document(File.read!("test/fixtures/23211.atom")) [author] = :xmerl_xpath.string('//author[1]', doc) - {:ok, user} = OStatus.find_make_or_update_user(author) + {:ok, user} = OStatus.find_make_or_update_actor(author) assert user.avatar["type"] == "Image" assert user.name == old_name assert user.bio == old_bio - {:ok, user_again} = OStatus.find_make_or_update_user(author) + {:ok, user_again} = OStatus.find_make_or_update_actor(author) assert user_again == user end + + test "find_or_make_user disallows protocol downgrade" do + user = insert(:user, %{local: true}) + {:ok, user} = OStatus.find_or_make_user(user.ap_id) + + assert User.ap_enabled?(user) + + user = + insert(:user, %{ + ap_id: "https://social.heldscal.la/user/23211", + info: %{ap_enabled: true}, + local: false + }) + + assert User.ap_enabled?(user) + + {:ok, user} = OStatus.find_or_make_user(user.ap_id) + assert User.ap_enabled?(user) + end + + test "find_make_or_update_actor disallows protocol downgrade" do + user = insert(:user, %{local: true}) + {:ok, user} = OStatus.find_or_make_user(user.ap_id) + + assert User.ap_enabled?(user) + + user = + insert(:user, %{ + ap_id: "https://social.heldscal.la/user/23211", + info: %{ap_enabled: true}, + local: false + }) + + assert User.ap_enabled?(user) + + {:ok, user} = OStatus.find_or_make_user(user.ap_id) + assert User.ap_enabled?(user) + + doc = XML.parse_document(File.read!("test/fixtures/23211.atom")) + [author] = :xmerl_xpath.string('//author[1]', doc) + {:error, :invalid_protocol} = OStatus.find_make_or_update_actor(author) + end end describe "gathering user info from a user id" do |