Wire up stub routes for client calls of activitypub inbox/outbox

Code style: remove wrapping function of outbox

1 files changed, 27 insertions, 0 deletions

diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs
index 9fdf15505..95027f855 100644
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@@ -112,6 +112,19 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
       :timer.sleep(500)
       assert Activity.get_by_ap_id(data["id"])
     end
+
+    test "it rejects reads from other users", %{conn: conn} do
+      user = insert(:user)
+      otheruser = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, otheruser)
+        |> put_req_header("accept", "application/activity+json")
+        |> get("/users/#{user.nickname}/inbox")
+
+      assert json_response(conn, 403)
+    end
   end
 
   describe "/users/:nickname/outbox" do
@@ -138,6 +151,20 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
 
       assert response(conn, 200) =~ announce_activity.data["object"]
     end
+
+    test "it rejects posts from other users", %{conn: conn} do
+      data = File.read!("test/fixtures/activitypub-client-post-activity.json") |> Poison.decode!()
+      user = insert(:user)
+      otheruser = insert(:user)
+
+      conn =
+        conn
+        |> assign(:user, otheruser)
+        |> put_req_header("content-type", "application/activity+json")
+        |> post("/users/#{user.nickname}/outbox", data)
+
+      assert json_response(conn, 403)
+    end
   end
 
   describe "/users/:nickname/followers" do