From c8b1e72a4febd0922e22c3bdbba9165507de23bb Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Thu, 3 Feb 2022 14:09:04 +0100
Subject: Fix compacted JSON-LD possibly causing compatibility issues on
 forwarding (#17428)

---
 spec/helpers/jsonld_helper_spec.rb | 82 ++++++++++++++++++++++++++++++++++++++
 1 file changed, 82 insertions(+)

(limited to 'spec')

diff --git a/spec/helpers/jsonld_helper_spec.rb b/spec/helpers/jsonld_helper_spec.rb
index 883a88b14..744a14f26 100644
--- a/spec/helpers/jsonld_helper_spec.rb
+++ b/spec/helpers/jsonld_helper_spec.rb
@@ -89,4 +89,86 @@ describe JsonLdHelper do
       expect(fetch_resource_without_id_validation('https://host.test/')).to eq({})
     end
   end
+
+  context 'compaction and forwarding' do
+    let(:json) do
+      {
+        '@context' => [
+          'https://www.w3.org/ns/activitystreams',
+          'https://w3id.org/security/v1',
+          {
+            'obsolete' => 'http://ostatus.org#',
+            'convo' => 'obsolete:conversation',
+            'new' => 'https://obscure-unreleased-test.joinmastodon.org/#',
+          },
+        ],
+        'type' => 'Create',
+        'to' => ['https://www.w3.org/ns/activitystreams#Public'],
+        'object' => {
+          'id' => 'https://example.com/status',
+          'type' => 'Note',
+          'inReplyTo' => nil,
+          'convo' => 'https://example.com/conversation',
+          'tag' => [
+            {
+              'type' => 'Mention',
+              'href' => ['foo'],
+            }
+          ],
+        },
+        'signature' => {
+          'type' => 'RsaSignature2017',
+          'created' => '2022-02-02T12:00:00Z',
+          'creator' => 'https://example.com/actor#main-key',
+          'signatureValue' => 'some-sig',
+        },
+      }
+    end
+
+    describe '#compact' do
+      it 'properly compacts JSON-LD with alternative context definitions' do
+        expect(compact(json).dig('object', 'conversation')).to eq 'https://example.com/conversation'
+      end
+
+      it 'compacts single-item arrays' do
+        expect(compact(json).dig('object', 'tag', 'href')).to eq 'foo'
+      end
+
+      it 'compacts the activistreams Public collection' do
+        expect(compact(json)['to']).to eq 'as:Public'
+      end
+
+      it 'properly copies signature' do
+        expect(compact(json)['signature']).to eq json['signature']
+      end
+    end
+
+    describe 'patch_for_forwarding!' do
+      it 'properly patches incompatibilities' do
+        json['object'].delete('convo')
+        compacted = compact(json)
+        patch_for_forwarding!(json, compacted)
+        expect(compacted['to']).to eq ['https://www.w3.org/ns/activitystreams#Public']
+        expect(compacted.dig('object', 'tag', 0, 'href')).to eq ['foo']
+        expect(safe_for_forwarding?(json, compacted)).to eq true
+      end
+    end
+
+    describe 'safe_for_forwarding?' do
+      it 'deems a safe compacting as such' do
+        json['object'].delete('convo')
+        compacted = compact(json)
+        deemed_compatible = patch_for_forwarding!(json, compacted)
+        expect(compacted['to']).to eq ['https://www.w3.org/ns/activitystreams#Public']
+        expect(safe_for_forwarding?(json, compacted)).to eq true
+      end
+
+      it 'deems an unsafe compacting as such' do
+        compacted = compact(json)
+        deemed_compatible = patch_for_forwarding!(json, compacted)
+        expect(compacted['to']).to eq ['https://www.w3.org/ns/activitystreams#Public']
+        expect(safe_for_forwarding?(json, compacted)).to eq false
+      end
+    end
+  end
 end
-- 
cgit 


From 92658f0fb0cf6cb582126f41f7132bde80f77657 Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Sun, 6 Feb 2022 15:31:03 +0100
Subject: Fix instance actor not being dereferenceable (#17457)

* Add tests

* Fix instance actor not being dereferenceable

* Fix tests

* Fix tests for real
---
 app/controllers/instance_actors_controller.rb      |  1 +
 .../controllers/instance_actors_controller_spec.rb | 55 ++++++++++++++++++++++
 2 files changed, 56 insertions(+)
 create mode 100644 spec/controllers/instance_actors_controller_spec.rb

(limited to 'spec')

diff --git a/app/controllers/instance_actors_controller.rb b/app/controllers/instance_actors_controller.rb
index b3b5476e2..0853897f2 100644
--- a/app/controllers/instance_actors_controller.rb
+++ b/app/controllers/instance_actors_controller.rb
@@ -3,6 +3,7 @@
 class InstanceActorsController < ApplicationController
   include AccountControllerConcern
 
+  skip_before_action :check_account_confirmation
   skip_around_action :set_locale
 
   def show
diff --git a/spec/controllers/instance_actors_controller_spec.rb b/spec/controllers/instance_actors_controller_spec.rb
new file mode 100644
index 000000000..f64a7d2ca
--- /dev/null
+++ b/spec/controllers/instance_actors_controller_spec.rb
@@ -0,0 +1,55 @@
+require 'rails_helper'
+
+RSpec.describe InstanceActorsController, type: :controller do
+  describe 'GET #show' do
+    context 'as JSON' do
+      let(:format) { 'json' }
+
+      shared_examples 'shared behavior' do
+        before do
+          get :show, params: { format: format }
+        end
+
+        it 'returns http success' do
+          expect(response).to have_http_status(200)
+        end
+
+        it 'returns application/activity+json' do
+          expect(response.media_type).to eq 'application/activity+json'
+        end
+
+        it 'does not set cookies' do
+          expect(response.cookies).to be_empty
+          expect(response.headers['Set-Cookies']).to be nil
+        end
+
+        it 'does not set sessions' do
+          expect(session).to be_empty
+        end
+
+        it 'returns public Cache-Control header' do
+          expect(response.headers['Cache-Control']).to include 'public'
+        end
+
+        it 'renders account' do
+          json = body_as_json
+          expect(json).to include(:id, :type, :preferredUsername, :inbox, :publicKey, :inbox, :outbox, :url)
+        end
+      end
+
+      before do
+        allow(controller).to receive(:authorized_fetch_mode?).and_return(authorized_fetch_mode)
+      end
+
+      context 'without authorized fetch mode' do
+        let(:authorized_fetch_mode) { false }
+        it_behaves_like 'shared behavior'
+      end
+
+      context 'with authorized fetch mode' do
+        let(:authorized_fetch_mode) { true }
+        it_behaves_like 'shared behavior'
+      end
+    end
+  end
+end
-- 
cgit