ChatMessages: Better validation.

author: lain <lain@soykaf.club> 2020-04-16 15:21:47 +0200
committer: lain <lain@soykaf.club> 2020-04-16 15:21:47 +0200
commit: e2ced0491770d6260fe51d5144b81200fd97f268 (patch)
tree: 25871bbf5cfae30207f99b045d574827d83c6a8e /test
parent: 3d4eca5dd4be297f03c244497d78db03e82a9d81 (diff)
download: pleroma-e2ced0491770d6260fe51d5144b81200fd97f268.tar.gz
3 files changed, 85 insertions, 3 deletions
diff --git a/test/fixtures/create-chat-message.json b/test/fixtures/create-chat-message.json
index 4aa17f4a5..2e4608f43 100644
--- a/test/fixtures/create-chat-message.json
+++ b/test/fixtures/create-chat-message.json
@@ -3,7 +3,7 @@
     "id": "http://2hu.gensokyo/objects/1",
     "object": {
         "attributedTo": "http://2hu.gensokyo/users/raymoo",
-        "content": "You expected a cute girl? Too bad.",
+        "content": "You expected a cute girl? Too bad. <script>alert('XSS')</script>",
         "id": "http://2hu.gensokyo/objects/2",
         "published": "2020-02-12T14:08:20Z",
         "to": [
diff --git a/test/web/activity_pub/object_validator_test.exs b/test/web/activity_pub/object_validator_test.exs
index 3c5c3696e..bf0bfdfaf 100644
--- a/test/web/activity_pub/object_validator_test.exs
+++ b/test/web/activity_pub/object_validator_test.exs
@@ -5,9 +5,61 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidatorTest do
   alias Pleroma.Web.ActivityPub.ObjectValidators.LikeValidator
   alias Pleroma.Web.ActivityPub.Utils
   alias Pleroma.Web.CommonAPI
+  alias Pleroma.Web.ActivityPub.Builder
 
   import Pleroma.Factory
 
+  describe "chat messages" do
+    setup do
+      user = insert(:user)
+      recipient = insert(:user, local: false)
+
+      {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey")
+
+      %{user: user, recipient: recipient, valid_chat_message: valid_chat_message}
+    end
+
+    test "validates for a basic object we build", %{valid_chat_message: valid_chat_message} do
+      assert {:ok, _object, _meta} = ObjectValidator.validate(valid_chat_message, [])
+    end
+
+    test "does not validate if the actor or the recipient is not in our system", %{
+      valid_chat_message: valid_chat_message
+    } do
+      chat_message =
+        valid_chat_message
+        |> Map.put("actor", "https://raymoo.com/raymoo")
+
+      {:error, _} = ObjectValidator.validate(chat_message, [])
+
+      chat_message =
+        valid_chat_message
+        |> Map.put("to", ["https://raymoo.com/raymoo"])
+
+      {:error, _} = ObjectValidator.validate(chat_message, [])
+    end
+
+    test "does not validate for a message with multiple recipients", %{
+      valid_chat_message: valid_chat_message,
+      user: user,
+      recipient: recipient
+    } do
+      chat_message =
+        valid_chat_message
+        |> Map.put("to", [user.ap_id, recipient.ap_id])
+
+      assert {:error, _} = ObjectValidator.validate(chat_message, [])
+    end
+
+    test "does not validate if it doesn't concern local users" do
+      user = insert(:user, local: false)
+      recipient = insert(:user, local: false)
+
+      {:ok, valid_chat_message, _} = Builder.chat_message(user, recipient.ap_id, "hey")
+      assert {:error, _} = ObjectValidator.validate(valid_chat_message, [])
+    end
+  end
+
   describe "likes" do
     setup do
       user = insert(:user)
diff --git a/test/web/activity_pub/transmogrifier/chat_message_test.exs b/test/web/activity_pub/transmogrifier/chat_message_test.exs
index aed62c520..5b238f9c4 100644
--- a/test/web/activity_pub/transmogrifier/chat_message_test.exs
+++ b/test/web/activity_pub/transmogrifier/chat_message_test.exs
@@ -12,13 +12,43 @@ defmodule Pleroma.Web.ActivityPub.Transmogrifier.ChatMessageTest do
   alias Pleroma.Web.ActivityPub.Transmogrifier
 
   describe "handle_incoming" do
-    test "it insert it" do
+    test "it rejects messages that don't contain content" do
+      data =
+        File.read!("test/fixtures/create-chat-message.json")
+        |> Poison.decode!()
+
+      object =
+        data["object"]
+        |> Map.delete("content")
+
+      data =
+        data
+        |> Map.put("object", object)
+
+      _author = insert(:user, ap_id: data["actor"], local: false)
+      _recipient = insert(:user, ap_id: List.first(data["to"]), local: true)
+
+      {:error, _} = Transmogrifier.handle_incoming(data)
+    end
+
+    test "it rejects messages that don't concern local users" do
+      data =
+        File.read!("test/fixtures/create-chat-message.json")
+        |> Poison.decode!()
+
+      _author = insert(:user, ap_id: data["actor"], local: false)
+      _recipient = insert(:user, ap_id: List.first(data["to"]), local: false)
+
+      {:error, _} = Transmogrifier.handle_incoming(data)
+    end
+
+    test "it inserts it and creates a chat" do
       data =
         File.read!("test/fixtures/create-chat-message.json")
         |> Poison.decode!()
 
       author = insert(:user, ap_id: data["actor"], local: false)
-      recipient = insert(:user, ap_id: List.first(data["to"]), local: false)
+      recipient = insert(:user, ap_id: List.first(data["to"]), local: true)
 
       {:ok, %Activity{} = activity} = Transmogrifier.handle_incoming(data)
author	lain <lain@soykaf.club>	2020-04-16 15:21:47 +0200
committer	lain <lain@soykaf.club>	2020-04-16 15:21:47 +0200
commit	e2ced0491770d6260fe51d5144b81200fd97f268 (patch)
tree	25871bbf5cfae30207f99b045d574827d83c6a8e /test
parent	3d4eca5dd4be297f03c244497d78db03e82a9d81 (diff)
download	pleroma-e2ced0491770d6260fe51d5144b81200fd97f268.tar.gz