path: root/spec/services/fetch_remote_status_service_spec.rb
authorEugen Rochko <eugen@zeonfederated.com>2018-08-22 20:55:14 +0200
committerGitHub <noreply@github.com>2018-08-22 20:55:14 +0200
commit802cf6a4c53175c7da17ded39cf75679fa352385 (patch)
treeea3833a78c7282626f58475175d491254a64e0d8 /spec/services/fetch_remote_status_service_spec.rb
parentad41806e53e6b024aaca01d1d59fcc82d1c4b804 (diff)
Improve federated ID validation (#8372)
* Fix URI not being sufficiently validated with prefetched JSON

* Add additional id validation to OStatus documents, when possible
Diffstat (limited to 'spec/services/fetch_remote_status_service_spec.rb')
-rw-r--r--spec/services/fetch_remote_status_service_spec.rb52
1 files changed, 52 insertions, 0 deletions
diff --git a/spec/services/fetch_remote_status_service_spec.rb b/spec/services/fetch_remote_status_service_spec.rb
index 0df9c329a..f9db024b9 100644
--- a/spec/services/fetch_remote_status_service_spec.rb
+++ b/spec/services/fetch_remote_status_service_spec.rb
@@ -32,4 +32,56 @@ RSpec.describe FetchRemoteStatusService, type: :service do
       expect(status.text).to eq 'Lorem ipsum'
     end
   end
+
+  context 'protocol is :ostatus' do
+    subject { described_class.new }
+
+    before do
+      Fabricate(:account, username: 'tracer', domain: 'real.domain', remote_url: 'https://real.domain/users/tracer')
+    end
+
+    it 'does not create status with author at different domain' do
+      status_body = <<-XML.squish
+        <?xml version="1.0"?>
+        <entry xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:activity="http://activitystrea.ms/spec/1.0/" xmlns:poco="http://portablecontacts.net/spec/1.0" xmlns:media="http://purl.org/syndication/atommedia" xmlns:ostatus="http://ostatus.org/schema/1.0" xmlns:mastodon="http://mastodon.social/schema/1.0">
+          <id>tag:real.domain,2017-04-27:objectId=4487555:objectType=Status</id>
+          <published>2017-04-27T13:49:25Z</published>
+          <updated>2017-04-27T13:49:25Z</updated>
+          <activity:object-type>http://activitystrea.ms/schema/1.0/note</activity:object-type>
+          <activity:verb>http://activitystrea.ms/schema/1.0/post</activity:verb>
+          <author>
+            <id>https://real.domain/users/tracer</id>
+            <activity:object-type>http://activitystrea.ms/schema/1.0/person</activity:object-type>
+            <uri>https://real.domain/users/tracer</uri>
+            <name>tracer</name>
+          </author>
+          <content type="html">Overwatch rocks</content>
+        </entry>
+      XML
+
+      expect(subject.call('https://fake.domain/foo', status_body, :ostatus)).to be_nil
+    end
+
+    it 'does not create status with wrong id when id uses http format' do
+      status_body = <<-XML.squish
+        <?xml version="1.0"?>
+        <entry xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:activity="http://activitystrea.ms/spec/1.0/" xmlns:poco="http://portablecontacts.net/spec/1.0" xmlns:media="http://purl.org/syndication/atommedia" xmlns:ostatus="http://ostatus.org/schema/1.0" xmlns:mastodon="http://mastodon.social/schema/1.0">
+          <id>https://other-real.domain/statuses/123</id>
+          <published>2017-04-27T13:49:25Z</published>
+          <updated>2017-04-27T13:49:25Z</updated>
+          <activity:object-type>http://activitystrea.ms/schema/1.0/note</activity:object-type>
+          <activity:verb>http://activitystrea.ms/schema/1.0/post</activity:verb>
+          <author>
+            <id>https://real.domain/users/tracer</id>
+            <activity:object-type>http://activitystrea.ms/schema/1.0/person</activity:object-type>
+            <uri>https://real.domain/users/tracer</uri>
+            <name>tracer</name>
+          </author>
+          <content type="html">Overwatch rocks</content>
+        </entry>
+      XML
+
+      expect(subject.call('https://real.domain/statuses/456', status_body, :ostatus)).to be_nil
+    end
+  end
 end
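Review bot: Both new examples only assert that the service returns nil, which does not prove the rejected document was never persisted; a service that saved the status and then returned nil would still pass. The assertion at the end of each example would be stronger as `expect { subject.call('https://fake.domain/foo', status_body, :ostatus) }.not_to change(Status, :count)` (and likewise for the `https://real.domain/statuses/456` case). The context also lacks a positive control, an example where the author's domain and the status id agree with the fetched URL and a status is created, so a regression that rejects every OStatus document would not be caught by these specs. The enclosing `RSpec.describe FetchRemoteStatusService` block starts outside the hunk.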