squeegily
/
pleroma
1
0
Atdalīts 0
Kods Problēmas 0 Izmaiņu pieprasījumi 0 Laidieni 42 Vikivietne Aktivitāte
Fork of Pleroma with site-specific changes and feature branches https://git.pleroma.social/pleroma/pleroma
Nevar pievienot vairāk kā 25 tēmas Tēmai ir jāsākas ar burtu vai ciparu, tā var saturēt domu zīmes ('-') un var būt līdz 35 simboliem gara.
6113 Revīzijas
154 Atzari
503MB
Koks: 7efca4317b
Atzari Tagi
${ item.name }
Izveidot atzaru ${ searchTerm }
no '7efca4317b'
${ noResults }
pleroma/test/object/containment_test.exs

102 rindas
2.8KB
Neapstrādāts Vainot Vēsture 

  1. # Pleroma: A lightweight social networking server

  2. # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>

  3. # SPDX-License-Identifier: AGPL-3.0-only

  4. 

  5. defmodule Pleroma.Object.ContainmentTest do

  6.   use Pleroma.DataCase

  7. 

  8.   alias Pleroma.Object.Containment

  9.   alias Pleroma.User

  10. 

  11.   import Pleroma.Factory

  12.   import ExUnit.CaptureLog

  13. 

  14.   setup_all do

  15.     Tesla.Mock.mock_global(fn env -> apply(HttpRequestMock, :request, [env]) end)

  16.     :ok

  17.   end

  18. 

  19.   describe "general origin containment" do

  20.     test "contain_origin_from_id() catches obvious spoofing attempts" do

  21.       data = %{

  22.         "id" => "http://example.com/~alyssa/activities/1234.json"

  23.       }

  24. 

  25.       :error =

  26.         Containment.contain_origin_from_id(

  27.           "http://example.org/~alyssa/activities/1234.json",

  28.           data

  29.         )

  30.     end

  31. 

  32.     test "contain_origin_from_id() allows alternate IDs within the same origin domain" do

  33.       data = %{

  34.         "id" => "http://example.com/~alyssa/activities/1234.json"

  35.       }

  36. 

  37.       :ok =

  38.         Containment.contain_origin_from_id(

  39.           "http://example.com/~alyssa/activities/1234",

  40.           data

  41.         )

  42.     end

  43. 

  44.     test "contain_origin_from_id() allows matching IDs" do

  45.       data = %{

  46.         "id" => "http://example.com/~alyssa/activities/1234.json"

  47.       }

  48. 

  49.       :ok =

  50.         Containment.contain_origin_from_id(

  51.           "http://example.com/~alyssa/activities/1234.json",

  52.           data

  53.         )

  54.     end

  55. 

  56.     test "users cannot be collided through fake direction spoofing attempts" do

  57.       _user =

  58.         insert(:user, %{

  59.           nickname: "rye@niu.moe",

  60.           local: false,

  61.           ap_id: "https://niu.moe/users/rye",

  62.           follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})

  63.         })

  64. 

  65.       assert capture_log(fn ->

  66.                {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")

  67.              end) =~

  68.                "[error] Could not decode user at fetch https://n1u.moe/users/rye, {:error, :error}"

  69.     end

  70.   end

  71. 

  72.   describe "containment of children" do

  73.     test "contain_child() catches spoofing attempts" do

  74.       data = %{

  75.         "id" => "http://example.com/whatever",

  76.         "type" => "Create",

  77.         "object" => %{

  78.           "id" => "http://example.net/~alyssa/activities/1234",

  79.           "attributedTo" => "http://example.org/~alyssa"

  80.         },

  81.         "actor" => "http://example.com/~bob"

  82.       }

  83. 

  84.       :error = Containment.contain_child(data)

  85.     end

  86. 

  87.     test "contain_child() allows correct origins" do

  88.       data = %{

  89.         "id" => "http://example.org/~alyssa/activities/5678",

  90.         "type" => "Create",

  91.         "object" => %{

  92.           "id" => "http://example.org/~alyssa/activities/1234",

  93.           "attributedTo" => "http://example.org/~alyssa"

  94.         },

  95.         "actor" => "http://example.org/~alyssa"

  96.       }

  97. 

  98.       :ok = Containment.contain_child(data)

  99.     end

  100.   end

  101. end