tests: add additional spoofing tests

author: William Pitcock <nenolod@dereferenced.org> 2018-11-17 18:12:11 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2018-11-17 18:12:11 +0000
commit: d9cb081f0723881343b6dd71e1bb1b52b5492f2b (patch)
tree: f0402508987b95a646facf8426e4ed6de33b5b7a
parent: 2ab8e287289d3b4d6458f6d9cc29c5d29dfcd102 (diff)
download: pleroma-d9cb081f0723881343b6dd71e1bb1b52b5492f2b.tar.gz
1 files changed, 17 insertions, 0 deletions
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index 9250598f4..0ba969263 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -883,5 +883,22 @@ defmodule Pleroma.Web.ActivityPub.TransmogrifierTest do
 
       :error = Transmogrifier.handle_incoming(data)
     end
+
+    test "it rejects objects when the ID does not match the fetched URI" do
+      {:error, _} = ActivityPub.fetch_object_from_id("https://info.pleroma.site/activity2.json")
+    end
+
+    test "it rejects activities which reference objects by mismatched URI" do
+      data = %{
+        "@context" => "https://www.w3.org/ns/activitystreams",
+        "id" => "http://mastodon.example.org/users/admin/activities/1234",
+        "actor" => "http://mastodon.example.org/users/admin",
+        "to" => ["https://www.w3.org/ns/activitystreams#Public"],
+        "object" => "https://info.pleroma.site/activity2.json",
+        "type" => "Announce"
+      }
+
+      :error = Transmogrifier.handle_incoming(data)
+    end
   end
 end
author	William Pitcock <nenolod@dereferenced.org>	2018-11-17 18:12:11 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2018-11-17 18:12:11 +0000
commit	d9cb081f0723881343b6dd71e1bb1b52b5492f2b (patch)
tree	f0402508987b95a646facf8426e4ed6de33b5b7a
parent	2ab8e287289d3b4d6458f6d9cc29c5d29dfcd102 (diff)
download	pleroma-d9cb081f0723881343b6dd71e1bb1b52b5492f2b.tar.gz