commit: 2d779763055ebfe02ffb1ffced5c10dbc0baa63b
parent 5a4e3aa715fdd588b7fefc79dc15535497513218
Author: Alex Gleason <alex@alexgleason.me>
Date: Wed, 2 Feb 2022 12:19:35 -0600
Add tests for mismatched context in replies
Diffstat:
5 files changed, 149 insertions(+), 0 deletions(-)
diff --git a/test/fixtures/tesla_mock/gleasonator-AG3RzWfwEKKrY63qj2.json b/test/fixtures/tesla_mock/gleasonator-AG3RzWfwEKKrY63qj2.json
@@ -0,0 +1,35 @@
+{
+ "@context": [
+ "https://www.w3.org/ns/activitystreams",
+ "https://gleasonator.com/schemas/litepub-0.1.jsonld",
+ {
+ "@language": "und"
+ }
+ ],
+ "actor": "https://gleasonator.com/users/macgirvin",
+ "attachment": [],
+ "attributedTo": "https://gleasonator.com/users/macgirvin",
+ "cc": [
+ "https://gleasonator.com/users/macgirvin/followers"
+ ],
+ "content": "<span class=\"h-card\"><a class=\"u-url mention\" data-user=\"9v5bmRalQvjOy0ECcC\" href=\"https://gleasonator.com/users/alex\" rel=\"ugc\">@<span>alex</span></a></span> Any idea why my posts are failing? I sent an Accept/Follow from <a href=\"http://macgirvin.com\" rel=\"ugc\">macgirvin.com</a> at 2022-02-02T04:06:01Z and it vanished into space. As do all my comments to you. <br><br>2022-02-02T04:06:01Z:LOG_INFO:d5c4aa7f6a:Queue.php:435:deliver: deliver: queue post returned 200 from <a href=\"https://gleasonator.com/users/macgirvin/inbox\" rel=\"ugc\">https://gleasonator.com/users/macgirvin/inbox</a><br><br>It's OK if I'm blocked, but if that's the case, I shouldn't be able to send a follow to that address should I?",
+ "context": "https://gleasonator.com/contexts/b7f01f94-bc92-4d89-a085-0ffc211b0e42",
+ "conversation": "https://gleasonator.com/contexts/b7f01f94-bc92-4d89-a085-0ffc211b0e42",
+ "id": "https://gleasonator.com/objects/102eb097-a18b-4cd5-abfc-f952efcb70bb",
+ "published": "2022-02-02T04:14:10.965833Z",
+ "sensitive": false,
+ "source": "@alex Any idea why my posts are failing? I sent an Accept/Follow from macgirvin.com at 2022-02-02T04:06:01Z and it vanished into space. As do all my comments to you. \n\n2022-02-02T04:06:01Z:LOG_INFO:d5c4aa7f6a:Queue.php:435:deliver: deliver: queue post returned 200 from https://gleasonator.com/users/macgirvin/inbox\n\nIt's OK if I'm blocked, but if that's the case, I shouldn't be able to send a follow to that address should I?",
+ "summary": "",
+ "tag": [
+ {
+ "href": "https://gleasonator.com/users/alex",
+ "name": "@alex",
+ "type": "Mention"
+ }
+ ],
+ "to": [
+ "https://www.w3.org/ns/activitystreams#Public",
+ "https://gleasonator.com/users/alex"
+ ],
+ "type": "Note"
+}
diff --git a/test/fixtures/tesla_mock/macgirvin@gleasonator.com.json b/test/fixtures/tesla_mock/macgirvin@gleasonator.com.json
@@ -0,0 +1,41 @@
+{
+ "@context": [
+ "https://www.w3.org/ns/activitystreams",
+ "https://gleasonator.com/schemas/litepub-0.1.jsonld",
+ {
+ "@language": "und"
+ }
+ ],
+ "alsoKnownAs": [],
+ "attachment": [],
+ "capabilities": {
+ "acceptsChatMessages": true
+ },
+ "discoverable": false,
+ "endpoints": {
+ "oauthAuthorizationEndpoint": "https://gleasonator.com/oauth/authorize",
+ "oauthRegistrationEndpoint": "https://gleasonator.com/api/v1/apps",
+ "oauthTokenEndpoint": "https://gleasonator.com/oauth/token",
+ "sharedInbox": "https://gleasonator.com/inbox",
+ "uploadMedia": "https://gleasonator.com/api/ap/upload_media"
+ },
+ "featured": "https://gleasonator.com/users/macgirvin/collections/featured",
+ "followers": "https://gleasonator.com/users/macgirvin/followers",
+ "following": "https://gleasonator.com/users/macgirvin/following",
+ "id": "https://gleasonator.com/users/macgirvin",
+ "inbox": "https://gleasonator.com/users/macgirvin/inbox",
+ "manuallyApprovesFollowers": false,
+ "name": "macgirvin",
+ "outbox": "https://gleasonator.com/users/macgirvin/outbox",
+ "preferredUsername": "macgirvin",
+ "publicKey": {
+ "id": "https://gleasonator.com/users/macgirvin#main-key",
+ "owner": "https://gleasonator.com/users/macgirvin",
+ "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0AUMgsQu87tLwoJjZfZu\nsj7NV0qt/THdK8aw4Ha2GZfNkwrep99AZ8gmCI+rr+N5vyETAARzG5/Qzr5bNTUx\nsc1fxFemhhi6sxzAv4qZ5AgvWQ4YPFWizSp5ZY1jpPHLOeF2IftMf8CwVI82PtD0\n7m7T6iUYA4vfvMp9LxVrzQA+CAtpsQxAejTGCt37yM9T2mEWqfmJQQHRIQ4brKBL\nI82sNbzk1cbTwCfH7vRNS/l1ND+vaUGGkDKtpRl56BLmt4picYL0avc+8oO7ebpc\n/zUoS8OOi+mpEzjv7TBrSirYEIGvIh3TKHWSPrpHpQTqj9xBQBy+AxXTWahQEO2M\ndQIDAQAB\n-----END PUBLIC KEY-----\n\n"
+ },
+ "summary": "",
+ "tag": [],
+ "type": "Person",
+ "url": "https://gleasonator.com/users/macgirvin",
+ "vcard:bday": null
+}
diff --git a/test/pleroma/web/activity_pub/object_validators/create_generic_validator_test.exs b/test/pleroma/web/activity_pub/object_validators/create_generic_validator_test.exs
@@ -7,6 +7,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidatorTest do
alias Pleroma.Web.ActivityPub.ObjectValidator
alias Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidator
+ alias Pleroma.Web.ActivityPub.Utils
import Pleroma.Factory
@@ -24,4 +25,35 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.CreateGenericValidatorTest do
%{valid?: true} = CreateGenericValidator.cast_and_validate(note_activity, meta)
end
+
+ test "a Create/Note with mismatched context is invalid" do
+ user = insert(:user)
+
+ note = %{
+ "id" => Utils.generate_object_id(),
+ "type" => "Note",
+ "actor" => user.ap_id,
+ "to" => [user.follower_address],
+ "cc" => [],
+ "content" => "Hello world",
+ "context" => Utils.generate_context_id()
+ }
+
+ note_activity = %{
+ "id" => Utils.generate_activity_id(),
+ "type" => "Create",
+ "actor" => note["actor"],
+ "to" => note["to"],
+ "cc" => note["cc"],
+ "object" => note,
+ "published" => DateTime.utc_now() |> DateTime.to_iso8601(),
+ "context" => Utils.generate_context_id()
+ }
+
+ # Build metadata
+ {:ok, object_data} = ObjectValidator.cast_and_apply(note_activity["object"])
+ meta = [object_data: ObjectValidator.stringify_keys(object_data)]
+
+ %{valid?: false} = CreateGenericValidator.cast_and_validate(note_activity, meta)
+ end
end
diff --git a/test/pleroma/web/activity_pub/transmogrifier_test.exs b/test/pleroma/web/activity_pub/transmogrifier_test.exs
@@ -107,6 +107,17 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
assert activity.data["target"] == new_user.ap_id
assert activity.data["type"] == "Move"
end
+
+ test "a reply with mismatched context is rejected" do
+ insert(:user, ap_id: "https://macgirvin.com/channel/mike")
+
+ note_activity =
+ "test/fixtures/roadhouse-create-activity.json"
+ |> File.read!()
+ |> Jason.decode!()
+
+ assert {:error, _} = Transmogrifier.handle_incoming(note_activity)
+ end
end
describe "prepare outgoing" do
diff --git a/test/support/http_request_mock.ex b/test/support/http_request_mock.ex
@@ -1311,6 +1311,36 @@ defmodule HttpRequestMock do
}}
end
+ def get("https://gleasonator.com/objects/102eb097-a18b-4cd5-abfc-f952efcb70bb", _, _, _) do
+ {:ok,
+ %Tesla.Env{
+ status: 200,
+ body: File.read!("test/fixtures/tesla_mock/gleasonator-AG3RzWfwEKKrY63qj2.json"),
+ headers: activitypub_object_headers()
+ }}
+ end
+
+ def get("https://gleasonator.com/users/macgirvin", _, _, _) do
+ {:ok,
+ %Tesla.Env{
+ status: 200,
+ body: File.read!("test/fixtures/tesla_mock/macgirvin@gleasonator.com.json"),
+ headers: activitypub_object_headers()
+ }}
+ end
+
+ def get("https://gleasonator.com/users/macgirvin/collections/featured", _, _, _) do
+ {:ok,
+ %Tesla.Env{
+ status: 200,
+ body:
+ File.read!("test/fixtures/users_mock/masto_featured.json")
+ |> String.replace("{{domain}}", "gleasonator.com")
+ |> String.replace("{{nickname}}", "macgirvin"),
+ headers: activitypub_object_headers()
+ }}
+ end
+
def get(url, query, body, headers) do
{:error,
"Mock response not implemented for GET #{inspect(url)}, #{query}, #{inspect(body)}, #{inspect(headers)}"}
