authorAkihiko Odaki <akihiko.odaki.4i@stu.hosei.ac.jp>2017-10-04 08:13:48 +0900
committerEugen Rochko <eugen@zeonfederated.com>2017-10-04 01:13:48 +0200
commit63f097979990bf5ba9db848b8a253056bad781af (patch)
treea1681de3a9e40b977adbf4c54332e4ab787bd13e /spec
parentec13cfa4f940e9f9441ceff1f7389bb0e1bd61fb (diff)
Validate id of ActivityPub representations (#5114)
Additionally, ActivityPub::FetchRemoteStatusService no longer parses
activities.
OStatus::Activity::Creation no longer delegates to ActivityPub because
the provided ActivityPub representations are not signed while OStatus
representations are.
Diffstat (limited to 'spec')
-rw-r--r--spec/helpers/jsonld_helper_spec.rb35
-rw-r--r--spec/services/activitypub/fetch_remote_account_service_spec.rb2
-rw-r--r--spec/services/activitypub/fetch_remote_status_service_spec.rb41
3 files changed, 36 insertions, 42 deletions
diff --git a/spec/helpers/jsonld_helper_spec.rb b/spec/helpers/jsonld_helper_spec.rb
index 7d3912e6c..48bfdc306 100644
--- a/spec/helpers/jsonld_helper_spec.rb
+++ b/spec/helpers/jsonld_helper_spec.rb
@@ -30,6 +30,39 @@ describe JsonLdHelper do
   end
 
   describe '#fetch_resource' do
-    pending
+    context 'when the second argument is false' do
+      it 'returns resource even if the retrieved ID and the given URI does not match' do
+        stub_request(:get, 'https://bob/').to_return body: '{"id": "https://alice/"}'
+        stub_request(:get, 'https://alice/').to_return body: '{"id": "https://alice/"}'
+
+        expect(fetch_resource('https://bob/', false)).to eq({ 'id' => 'https://alice/' })
+      end
+
+      it 'returns nil if the object identified by the given URI and the object identified by the retrieved ID does not match' do
+        stub_request(:get, 'https://mallory/').to_return body: '{"id": "https://marvin/"}'
+        stub_request(:get, 'https://marvin/').to_return body: '{"id": "https://alice/"}'
+
+        expect(fetch_resource('https://mallory/', false)).to eq nil
+      end
+    end
+
+    context 'when the second argument is true' do
+      it 'returns nil if the retrieved ID and the given URI does not match' do
+        stub_request(:get, 'https://mallory/').to_return body: '{"id": "https://alice/"}'
+        expect(fetch_resource('https://mallory/', true)).to eq nil
+      end
+    end
+  end
+
+  describe '#fetch_resource_without_id_validation' do
+    it 'returns nil if the status code is not 200' do
+      stub_request(:get, 'https://host/').to_return status: 400, body: '{}'
+      expect(fetch_resource_without_id_validation('https://host/')).to eq nil
+    end
+
+    it 'returns hash' do
+      stub_request(:get, 'https://host/').to_return status: 200, body: '{}'
+      expect(fetch_resource_without_id_validation('https://host/')).to eq({})
+    end
   end
 end
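Review bot: The first example under `when the second argument is false` stubs `https://bob/` and `https://alice/` with identical bodies, so it cannot tell whether `fetch_resource` returns the document served at the URI it was given or the one re-fetched from the origin named in `id`. Assuming the helper is meant to return the re-fetched document (the implementation is outside this spec-only view), the first stub could carry an extra field, e.g. `to_return body: '{"id": "https://alice/", "name": "served-by-bob"}'`, with the expectation left at `{ 'id' => 'https://alice/' }`. The `true` context has only the rejecting case; an example where the retrieved ID equals the given URI and the hash is returned would catch an implementation that always returns nil. For `#fetch_resource_without_id_validation`, an example with a 200 response whose body is not valid JSON would pin the remaining failure path.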
diff --git a/spec/services/activitypub/fetch_remote_account_service_spec.rb b/spec/services/activitypub/fetch_remote_account_service_spec.rb
index ed7e9bba8..c50d3fb97 100644
--- a/spec/services/activitypub/fetch_remote_account_service_spec.rb
+++ b/spec/services/activitypub/fetch_remote_account_service_spec.rb
@@ -16,7 +16,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService do
   end
 
   describe '#call' do
-    let(:account) { subject.call('https://example.com/alice') }
+    let(:account) { subject.call('https://example.com/alice', id: true) }
 
     shared_examples 'sets profile data' do
       it 'returns an account' do
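Review bot: Every example in this `describe '#call'` now goes through `let(:account) { subject.call('https://example.com/alice', id: true) }`, so the spec covers only the case where the caller vouches that the URI is already the canonical id. The other value of `id:` is presumably the path that handles URIs from less trusted input, and it gets no coverage here. A second context such as `let(:account) { subject.call('https://example.com/alice', id: false) }` that reuses the existing shared examples would cover it. It would also help to add one example where the fetched actor document carries a different `id`, with the expected result stated. The `describe` block continues past the end of this hunk, so existing examples further down may already do part of this.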
diff --git a/spec/services/activitypub/fetch_remote_status_service_spec.rb b/spec/services/activitypub/fetch_remote_status_service_spec.rb
index 3b22257ed..ebf422392 100644
--- a/spec/services/activitypub/fetch_remote_status_service_spec.rb
+++ b/spec/services/activitypub/fetch_remote_status_service_spec.rb
@@ -15,21 +15,11 @@ RSpec.describe ActivityPub::FetchRemoteStatusService do
     }
   end
 
-  let(:create) do
-    {
-      '@context': 'https://www.w3.org/ns/activitystreams',
-      id: "https://#{valid_domain}/@foo/1234/activity",
-      type: 'Create',
-      actor: ActivityPub::TagManager.instance.uri_for(sender),
-      object: note,
-    }
-  end
-
   subject { described_class.new }
 
   describe '#call' do
     before do
-      subject.call(object[:id], Oj.dump(object))
+      subject.call(object[:id], prefetched_body: Oj.dump(object))
     end
 
     context 'with Note object' do
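Review bot: The `before` block always passes `object[:id]` as the URI together with `prefetched_body: Oj.dump(object)`, so the URI and the `id` in the body agree in every example. Nothing here shows how the service treats a prefetched body it did not fetch itself. Since the commit is about validating ids, an example along the lines of `it 'does not create a status when the prefetched id does not match the given uri'` would document whether a prefetched body is trusted as-is or still checked. Its expectation should be whichever outcome the service intends. The fixture definitions and the rest of `describe '#call'` lie outside this hunk, so the exact setup has to follow what is defined there.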
@@ -42,34 +32,5 @@ RSpec.describe ActivityPub::FetchRemoteStatusService do
         expect(status.text).to eq 'Lorem ipsum'
       end
     end
-
-    context 'with Create activity' do
-      let(:object) { create }
-
-      it 'creates status' do
-        status = sender.statuses.first
-        
-        expect(status).to_not be_nil
-        expect(status.text).to eq 'Lorem ipsum'
-      end
-    end
-
-    context 'with Announce activity' do
-      let(:status) { Fabricate(:status, account: recipient) }
-
-      let(:object) do
-        {
-          '@context': 'https://www.w3.org/ns/activitystreams',
-          id: "https://#{valid_domain}/@foo/1234/activity",
-          type: 'Announce',
-          actor: ActivityPub::TagManager.instance.uri_for(sender),
-          object: ActivityPub::TagManager.instance.uri_for(status),
-        }
-      end
-
-      it 'creates a reblog by sender of status' do
-        expect(sender.reblogged?(status)).to be true
-      end
-    end
   end
 end