Add test for preventing spoofing

This commit is contained in:
Kitaiti Makoto 2020-12-01 08:37:47 +09:00 committed by Gitea
parent fe641620a6
commit beaeaf743a
2 changed files with 67 additions and 0 deletions

View File

@ -173,6 +173,36 @@ pub(crate) mod tests {
});
}
#[test]
fn spoof_comment() {
let r = rockets();
let conn = &*r.conn;
conn.test_transaction::<_, (), _>(|| {
let (posts, users, _) = fill_database(&r);
let act = json!({
"id": "https://plu.me/comment/1/activity",
"actor": users[0].ap_url,
"object": {
"type": "Note",
"id": "https://plu.me/comment/1",
"attributedTo": users[1].ap_url,
"inReplyTo": posts[0].ap_url,
"content": "Hello.",
"to": [plume_common::activity_pub::PUBLIC_VISIBILITY]
},
"type": "Create",
});
assert!(matches!(
super::inbox(&r, act.clone()),
Err(super::Error::Inbox(
box plume_common::activity_pub::inbox::InboxError::InvalidObject(_),
))
));
Ok(())
});
}
#[test]
fn create_post() {
let r = rockets();
@ -214,6 +244,42 @@ pub(crate) mod tests {
});
}
#[test]
fn spoof_post() {
let r = rockets();
let conn = &*r.conn;
conn.test_transaction::<_, (), _>(|| {
let (_, users, blogs) = fill_database(&r);
let act = json!({
"id": "https://plu.me/comment/1/activity",
"actor": users[0].ap_url,
"object": {
"type": "Article",
"id": "https://plu.me/~/Blog/my-article",
"attributedTo": [users[1].ap_url, blogs[0].ap_url],
"content": "Hello.",
"name": "My Article",
"summary": "Bye.",
"source": {
"content": "Hello.",
"mediaType": "text/markdown"
},
"published": "2014-12-12T12:12:12Z",
"to": [plume_common::activity_pub::PUBLIC_VISIBILITY]
},
"type": "Create",
});
assert!(matches!(
super::inbox(&r, act.clone()),
Err(super::Error::Inbox(
box plume_common::activity_pub::inbox::InboxError::InvalidObject(_),
))
));
Ok(())
});
}
#[test]
fn delete_comment() {
use crate::comments::*;

View File

@ -1,6 +1,7 @@
#![feature(try_trait)]
#![feature(never_type)]
#![feature(proc_macro_hygiene)]
#![feature(box_patterns)]
#[macro_use]
extern crate diesel;