mirror of
https://github.com/mastodon/mastodon.git
synced 2024-11-27 15:54:32 +00:00
290932602b
* Do not LDS-sign Follow, Accept, Reject, Undo, Block * Do not use LDS for Create activities of private toots * Minor cleanup * Ignore unsigned activities instead of misattributing them * Use status.distributable? instead of querying visibility directly
56 lines
1.8 KiB
Ruby
56 lines
1.8 KiB
Ruby
require 'rails_helper'
|
|
|
|
RSpec.describe ActivityPub::ProcessCollectionService, type: :service do
|
|
let(:actor) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/account') }
|
|
|
|
let(:payload) do
|
|
{
|
|
'@context': 'https://www.w3.org/ns/activitystreams',
|
|
id: 'foo',
|
|
type: 'Create',
|
|
actor: ActivityPub::TagManager.instance.uri_for(actor),
|
|
object: {
|
|
id: 'bar',
|
|
type: 'Note',
|
|
content: 'Lorem ipsum',
|
|
},
|
|
}
|
|
end
|
|
|
|
let(:json) { Oj.dump(payload) }
|
|
|
|
subject { described_class.new }
|
|
|
|
describe '#call' do
|
|
context 'when actor is the sender'
|
|
context 'when actor differs from sender' do
|
|
let(:forwarder) { Fabricate(:account, domain: 'example.com', uri: 'http://example.com/other_account') }
|
|
|
|
it 'does not process payload if no signature exists' do
|
|
expect_any_instance_of(ActivityPub::LinkedDataSignature).to receive(:verify_account!).and_return(nil)
|
|
expect(ActivityPub::Activity).not_to receive(:factory)
|
|
|
|
subject.call(json, forwarder)
|
|
end
|
|
|
|
it 'processes payload with actor if valid signature exists' do
|
|
payload['signature'] = { 'type' => 'RsaSignature2017' }
|
|
|
|
expect_any_instance_of(ActivityPub::LinkedDataSignature).to receive(:verify_account!).and_return(actor)
|
|
expect(ActivityPub::Activity).to receive(:factory).with(instance_of(Hash), actor, instance_of(Hash))
|
|
|
|
subject.call(json, forwarder)
|
|
end
|
|
|
|
it 'does not process payload if invalid signature exists' do
|
|
payload['signature'] = { 'type' => 'RsaSignature2017' }
|
|
|
|
expect_any_instance_of(ActivityPub::LinkedDataSignature).to receive(:verify_account!).and_return(nil)
|
|
expect(ActivityPub::Activity).not_to receive(:factory)
|
|
|
|
subject.call(json, forwarder)
|
|
end
|
|
end
|
|
end
|
|
end
|