spec/lib/activitypub/dereferencer_spec.rb


1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73

require 'rails_helper'

RSpec.describe ActivityPub::Dereferencer do
  describe '#object' do
    let(:object) { { '@context': 'https://www.w3.org/ns/activitystreams', id: 'https://example.com/foo', type: 'Note', content: 'Hoge' } }
    let(:permitted_origin) { 'https://example.com' }
    let(:signature_account) { nil }
    let(:uri) { nil }

    subject { described_class.new(uri, permitted_origin: permitted_origin, signature_account: signature_account).object }

    before do
      stub_request(:get, 'https://example.com/foo').to_return(body: Oj.dump(object), headers: { 'Content-Type' => 'application/activity+json' })
    end

    context 'with a URI' do
      let(:uri) { 'https://example.com/foo' }

      it 'returns object' do
        expect(subject.with_indifferent_access).to eq object.with_indifferent_access
      end

      context 'with signature account' do
        let(:signature_account) { Fabricate(:account) }

        it 'makes signed request' do
          subject
          expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? }).to have_been_made
        end
      end

      context 'with different origin' do
        let(:uri) { 'https://other-example.com/foo' }

        it 'does not make request' do
          subject
          expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made
        end
      end
    end

    context 'with a bearcap' do
      let(:uri) { 'bear:?t=hoge&u=https://example.com/foo' }

      it 'makes request with Authorization header' do
        subject
        expect(a_request(:get, 'https://example.com/foo').with(headers: { 'Authorization' => 'Bearer hoge' })).to have_been_made
      end

      it 'returns object' do
        expect(subject.with_indifferent_access).to eq object.with_indifferent_access
      end

      context 'with signature account' do
        let(:signature_account) { Fabricate(:account) }

        it 'makes signed request' do
          subject
          expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? && req.headers['Authorization'] == 'Bearer hoge' }).to have_been_made
        end
      end

      context 'with different origin' do
        let(:uri) { 'bear:?t=hoge&u=https://other-example.com/foo' }

        it 'does not make request' do
          subject
          expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made
        end
      end
    end
  end
end