summaryrefslogtreecommitdiff
path: root/test
diff options
context:
space:
mode:
Diffstat (limited to 'test')
-rw-r--r--test/web/activity_pub/transmogrifier_test.exs38
1 files changed, 38 insertions, 0 deletions
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index 6320b5b6e..b8adf3b8a 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -918,4 +918,42 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
:error = Transmogrifier.handle_incoming(data)
end
end
+
+ describe "general origin containment" do
+ test "contain_origin_from_id() catches obvious spoofing attempts" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :error =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.org/~alyssa/activities/1234.json",
+ data
+ )
+ end
+
+ test "contain_origin_from_id() allows alternate IDs within the same origin domain" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :ok =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.com/~alyssa/activities/1234",
+ data
+ )
+ end
+
+ test "contain_origin_from_id() allows matching IDs" do
+ data = %{
+ "id" => "http://example.com/~alyssa/activities/1234.json"
+ }
+
+ :ok =
+ Transmogrifier.contain_origin_from_id(
+ "http://example.com/~alyssa/activities/1234.json",
+ data
+ )
+ end
+ end
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 03:45:21 +0000