From e4a241abefaa68492938c3fbb7e5e5401d12138e Mon Sep 17 00:00:00 2001
From: Eugen Rochko
Date: Mon, 8 Jan 2018 05:00:23 +0100
Subject: Fix bad URL schemes being accepted (#6219)
* Fix actors accepting invalid URI schemes or different host between URI and URL
* Fix statuses accepting invalid URI scheme or different host to actor
* Adjust tests to new requirements
* Improve readability of mismatching_origin?/invalid_origin? methods
---
 spec/lib/activitypub/activity/create_spec.rb | 34 ++++++++++++++++++----------------
 1 file changed, 18 insertions(+), 16 deletions(-)
(limited to 'spec/lib/activitypub')
diff --git a/spec/lib/activitypub/activity/create_spec.rb b/spec/lib/activitypub/activity/create_spec.rb
index 3c3991c13..51f54a398 100644
--- a/spec/lib/activitypub/activity/create_spec.rb
+++ b/spec/lib/activitypub/activity/create_spec.rb
@@ -6,7 +6,7 @@ RSpec.describe ActivityPub::Activity::Create do
 let(:json) do
 {
 '@context': 'https://www.w3.org/ns/activitystreams',
- id: 'foo',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#foo'].join,
 type: 'Create',
 actor: ActivityPub::TagManager.instance.uri_for(sender),
 object: object_json,
@@ -16,6 +16,8 @@ RSpec.describe ActivityPub::Activity::Create do
 subject { described_class.new(json, sender) }
 before do
+ sender.update(uri: ActivityPub::TagManager.instance.uri_for(sender))
+ stub_request(:get, 'http://example.com/attachment.png').to_return(request_fixture('avatar.txt'))
 stub_request(:get, 'http://example.com/emoji.png').to_return(body: attachment_fixture('emojo.png'))
 end
@@ -28,7 +30,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'standalone' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 }
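Review bot: Nothing in this file exercises the rejection path the commit introduces; the `json` fixture's `id: [ActivityPub::TagManager.instance.uri_for(sender), '#foo'].join` and the other rewritten ids only make the existing examples satisfy the new check. The diffstat's 18 insertions are the sixteen rewritten `id` lines plus the two-line `before` addition, so no example was added here, and a regression that again accepts a schemeless id or one on another host would leave this spec green. I would add one context that keeps the old `id: 'bar'` and one whose id is on a host other than the sender's, each expecting that no status is created for `sender`. Coverage may exist in specs outside this path-limited view.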
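Review bot: `sender.update(uri: ...)` in the `before` block discards its return value, so if the record fails validation the setup continues with `uri` unchanged and the examples below fail (or pass) for a reason unrelated to what they assert. Assuming `sender` is an ActiveRecord model defined outside this hunk, `sender.update!(uri: ActivityPub::TagManager.instance.uri_for(sender))` raises at the point of failure instead. A one-line comment such as `# the origin check compares object ids against the actor's stored uri` would also explain why the account is given a uri here; that reading is inferred from the commit message rather than from the hunk.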
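Review bot: `[ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join` is pasted into this `object_json` and into the fourteen that follow in the later hunks, so the rule the fixtures must satisfy is restated fifteen times. A single `let(:note_uri) { "#{ActivityPub::TagManager.instance.uri_for(sender)}#bar" }` near the top of the describe block (outside this hunk), referenced as `id: note_uri`, keeps it in one place, and interpolation reads more directly than joining a two-element array. A context that needs a deliberately invalid id can then override that one `let`.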
@@ -52,7 +54,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'public' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 to: 'https://www.w3.org/ns/activitystreams#Public',
@@ -70,7 +72,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'unlisted' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 cc: 'https://www.w3.org/ns/activitystreams#Public',
@@ -88,7 +90,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'private' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 to: 'http://example.com/followers',
@@ -108,7 +110,7 @@ RSpec.describe ActivityPub::Activity::Create do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 to: ActivityPub::TagManager.instance.uri_for(recipient),
@@ -128,7 +130,7 @@ RSpec.describe ActivityPub::Activity::Create do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 inReplyTo: ActivityPub::TagManager.instance.uri_for(original_status),
@@ -151,7 +153,7 @@ RSpec.describe ActivityPub::Activity::Create do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 tag: [
@@ -174,7 +176,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'with mentions missing href' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 tag: [
@@ -194,7 +196,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'with media attachments' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 attachment: [
@@ -218,7 +220,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'with media attachments missing url' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 attachment: [
@@ -239,7 +241,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'with hashtags' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 tag: [
@@ -263,7 +265,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'with hashtags missing name' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum',
 tag: [
@@ -284,7 +286,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'with emojis' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum :tinking:',
 tag: [
@@ -310,7 +312,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'with emojis missing name' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum :tinking:',
 tag: [
@@ -333,7 +335,7 @@ RSpec.describe ActivityPub::Activity::Create do
 context 'with emojis missing icon' do
 let(:object_json) do
 {
- id: 'bar',
+ id: [ActivityPub::TagManager.instance.uri_for(sender), '#bar'].join,
 type: 'Note',
 content: 'Lorem ipsum :tinking:',
 tag: [
-- cgit