hometown/spec/services/fetch_remote_account_service_spec.rb
Eugen Rochko 802cf6a4c5 Improve federated ID validation ()
* Fix URI not being sufficiently validated with prefetched JSON

* Add additional id validation to OStatus documents, when possible
2018-08-22 20:55:14 +02:00


require 'rails_helper'
# Specs for FetchRemoteAccountService#call(url, prefetched_body, protocol).
#
# Every context hands the service either an ActivityPub actor document (JSON)
# or an OStatus Atom feed -- prefetched, or served by a stubbed HTTP GET -- and
# expects an Account back. One OStatus example additionally checks that a
# prefetched feed whose <author> URI is on a different domain than the URL it
# is presented under does not overwrite the account's display name.
RSpec.describe FetchRemoteAccountService, type: :service do
  subject { described_class.new.call(url, prefetched_body, protocol) }

  # Defaults; individual contexts override prefetched_body and protocol.
  let(:url) { 'https://example.com/alice' }
  let(:prefetched_body) { nil }
  let(:protocol) { :ostatus }

  # Minimal ActivityPub actor whose `id` equals `url`.
  let(:actor) do
    {
      '@context': 'https://www.w3.org/ns/activitystreams',
      id: 'https://example.com/alice',
      type: 'Person',
      preferredUsername: 'alice',
      name: 'Alice',
      summary: 'Foo bar',
      # NOTE(review): http scheme here while `id` is https -- presumably
      # incidental to these examples; confirm.
      inbox: 'http://example.com/alice/inbox',
    }
  end

  # WebFinger document whose `self` link points back at the actor id above.
  let(:webfinger) do
    {
      subject: 'acct:alice@example.com',
      links: [{ rel: 'self', href: 'https://example.com/alice' }],
    }
  end

  # Atom fixture used as the OStatus document. The kickass.zone stubs below
  # suggest its author is localhost@kickass.zone -- fixture not visible here.
  let(:xml) { Rails.root.join('spec', 'fixtures', 'xml', 'mastodon.atom').read }

  # Stubs the WebFinger lookup for alice@example.com with the `webfinger` JRD.
  def stub_example_com_webfinger
    stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com')
      .to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
  end

  # Stubs the two kickass.zone requests (WebFinger, then the Atom timeline)
  # with canned responses from the request fixtures.
  def stub_kickass_zone_lookups
    stub_request(:get, 'https://kickass.zone/.well-known/webfinger?resource=acct:localhost@kickass.zone')
      .to_return(request_fixture('webfinger-hacker3.txt'))
    stub_request(:get, 'https://kickass.zone/api/statuses/user_timeline/7477.atom')
      .to_return(request_fixture('feed.txt'))
  end

  shared_examples 'return Account' do
    it { is_expected.to be_an(Account) }
  end

  context 'protocol is :activitypub' do
    let(:prefetched_body) { Oj.dump(actor) }
    let(:protocol) { :activitypub }

    before { stub_example_com_webfinger }

    # NOTE(review): only the case where the prefetched actor `id` matches
    # `url` is exercised here. A companion example with a mismatched `id`
    # would pin how prefetched JSON from an unexpected origin is treated;
    # the expected outcome needs confirming against the service.
    include_examples 'return Account'
  end

  context 'protocol is :ostatus' do
    let(:prefetched_body) { xml }
    let(:protocol) { :ostatus }

    before { stub_kickass_zone_lookups }

    include_examples 'return Account'

    # Security regression: the feed is passed in as though it had been fetched
    # from real-fake-domains.com, yet its <author> claims a kickass.zone URI.
    # The display name supplied by that unverified document must not end up on
    # the returned account.
    # NOTE(review): only display_name is asserted; other profile fields such a
    # feed could carry are not checked by this example.
    it 'does not update account information if XML comes from an unverified domain' do
      spoofed_feed = <<~XML.squish
        <?xml version="1.0" encoding="UTF-8"?>
        <feed xml:lang="en-US" xmlns="http://www.w3.org/2005/Atom" xmlns:thr="http://purl.org/syndication/thread/1.0" xmlns:georss="http://www.georss.org/georss" xmlns:activity="http://activitystrea.ms/spec/1.0/" xmlns:media="http://purl.org/syndication/atommedia" xmlns:poco="http://portablecontacts.net/spec/1.0" xmlns:ostatus="http://ostatus.org/schema/1.0" xmlns:statusnet="http://status.net/schema/api/1/">
          <author>
            <activity:object-type>http://activitystrea.ms/schema/1.0/person</activity:object-type>
            <uri>http://kickass.zone/users/localhost</uri>
            <name>localhost</name>
            <poco:preferredUsername>localhost</poco:preferredUsername>
            <poco:displayName>Villain!!!</poco:displayName>
          </author>
        </feed>
      XML

      account = described_class.new.call('https://real-fake-domains.com/alice', spoofed_feed, :ostatus)

      expect(account.display_name).not_to eq('Villain!!!')
    end
  end

  # With no prefetched body the document is served by a stubbed GET of `url`.
  context 'when prefetched_body is nil' do
    context 'protocol is :activitypub' do
      before do
        stub_request(:get, url)
          .to_return(status: 200, body: Oj.dump(actor), headers: { 'Content-Type' => 'application/activity+json' })
        stub_example_com_webfinger
      end

      include_examples 'return Account'
    end

    context 'protocol is :ostatus' do
      before do
        stub_request(:get, url)
          .to_return(status: 200, body: xml, headers: { 'Content-Type' => 'application/atom+xml' })
        stub_kickass_zone_lookups
      end

      include_examples 'return Account'
    end
  end
end