diff options
| author | Eugen Rochko <eugen@zeonfederated.com> | 2018-08-22 20:55:14 +0200 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2018-08-22 20:55:14 +0200 |
| commit | 802cf6a4c53175c7da17ded39cf75679fa352385 (patch) | |
| tree | ea3833a78c7282626f58475175d491254a64e0d8 /spec/services/activitypub | |
| parent | ad41806e53e6b024aaca01d1d59fcc82d1c4b804 (diff) | |
Improve federated ID validation (#8372)
* Fix URI not being sufficiently validated with prefetched JSON * Add additional id validation to OStatus documents, when possible
Diffstat (limited to 'spec/services/activitypub')
| -rw-r--r-- | spec/services/activitypub/fetch_remote_account_service_spec.rb | 7 | ||||
| -rw-r--r-- | spec/services/activitypub/fetch_remote_status_service_spec.rb | 22 |
2 files changed, 28 insertions, 1 deletions
diff --git a/spec/services/activitypub/fetch_remote_account_service_spec.rb b/spec/services/activitypub/fetch_remote_account_service_spec.rb index dba55c034..aa13f0a9b 100644 --- a/spec/services/activitypub/fetch_remote_account_service_spec.rb +++ b/spec/services/activitypub/fetch_remote_account_service_spec.rb @@ -59,7 +59,6 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do it 'returns nil' do expect(account).to be_nil end - end context 'when URI and WebFinger share the same host' do @@ -119,5 +118,11 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do include_examples 'sets profile data' end + + context 'with wrong id' do + it 'does not create account' do + expect(subject.call('https://fake.address/@foo', prefetched_body: Oj.dump(actor))).to be_nil + end + end end end diff --git a/spec/services/activitypub/fetch_remote_status_service_spec.rb b/spec/services/activitypub/fetch_remote_status_service_spec.rb index 549eb80fa..9ae409996 100644 --- a/spec/services/activitypub/fetch_remote_status_service_spec.rb +++ b/spec/services/activitypub/fetch_remote_status_service_spec.rb @@ -70,5 +70,27 @@ RSpec.describe ActivityPub::FetchRemoteStatusService, type: :service do expect(strip_tags(status.text)).to eq "Nyan Cat 10 hours remix https://#{valid_domain}/watch?v=12345" end end + + context 'with wrong id' do + let(:note) do + { + '@context': 'https://www.w3.org/ns/activitystreams', + id: "https://real.address/@foo/1234", + type: 'Note', + content: 'Lorem ipsum', + attributedTo: ActivityPub::TagManager.instance.uri_for(sender), + } + end + + let(:object) do + temp = note.dup + temp[:id] = 'https://fake.address/@foo/5678' + temp + end + + it 'does not create status' do + expect(sender.statuses.first).to be_nil + end + end end end |