From e4a241abefaa68492938c3fbb7e5e5401d12138e Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Mon, 8 Jan 2018 05:00:23 +0100
Subject: Fix bad URL schemes being accepted (#6219)

* Fix actors accepting invalid URI schemes or different host between URI and URL

* Fix statuses accepting invalid URI scheme or different host to actor

* Adjust tests to new requirements

* Improve readability of mismatching_origin?/invalid_origin? methods
---
 spec/services/activitypub/fetch_remote_status_service_spec.rb | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

(limited to 'spec/services/activitypub/fetch_remote_status_service_spec.rb')

diff --git a/spec/services/activitypub/fetch_remote_status_service_spec.rb b/spec/services/activitypub/fetch_remote_status_service_spec.rb
index ad26abc5b..a533e8413 100644
--- a/spec/services/activitypub/fetch_remote_status_service_spec.rb
+++ b/spec/services/activitypub/fetch_remote_status_service_spec.rb
@@ -21,6 +21,8 @@ RSpec.describe ActivityPub::FetchRemoteStatusService do
 
   describe '#call' do
     before do
+      sender.update(uri: ActivityPub::TagManager.instance.uri_for(sender))
+
       stub_request(:head, 'https://example.com/watch?v=12345').to_return(status: 404, body: '')
       subject.call(object[:id], prefetched_body: Oj.dump(object))
     end
@@ -48,13 +50,13 @@ RSpec.describe ActivityPub::FetchRemoteStatusService do
             {
               type: 'Link',
               mimeType: 'application/x-bittorrent',
-              href: 'https://example.com/12345.torrent',
+              href: "https://#{valid_domain}/12345.torrent",
             },
 
             {
               type: 'Link',
               mimeType: 'text/html',
-              href: 'https://example.com/watch?v=12345',
+              href: "https://#{valid_domain}/watch?v=12345",
             },
           ],
         }
@@ -64,8 +66,8 @@ RSpec.describe ActivityPub::FetchRemoteStatusService do
         status = sender.statuses.first
 
         expect(status).to_not be_nil
-        expect(status.url).to eq 'https://example.com/watch?v=12345'
-        expect(strip_tags(status.text)).to eq 'Nyan Cat 10 hours remix https://example.com/watch?v=12345'
+        expect(status.url).to eq "https://#{valid_domain}/watch?v=12345"
+        expect(strip_tags(status.text)).to eq "Nyan Cat 10 hours remix https://#{valid_domain}/watch?v=12345"
       end
     end
   end
-- 
cgit