Fix bad URL schemes being accepted (#6219)

* Fix actors accepting invalid URI schemes or different host between URI and URL * Fix statuses accepting invalid URI scheme or different host to actor * Adjust tests to new requirements * Improve readability of mismatching_origin?/invalid_origin? methods
2018-01-08 05:00:23 +01:00 · 2018-01-08 05:00:23 +01:00 · e4a241abef
commit e4a241abef
parent 93555182c3
5 changed files with 62 additions and 24 deletions
--- a/spec/services/activitypub/fetch_remote_status_service_spec.rb
+++ b/spec/services/activitypub/fetch_remote_status_service_spec.rb
@ -21,6 +21,8 @@ RSpec.describe ActivityPub::FetchRemoteStatusService do

  describe '#call' do
    before do
+      sender.update(uri: ActivityPub::TagManager.instance.uri_for(sender))
+
      stub_request(:head, 'https://example.com/watch?v=12345').to_return(status: 404, body: '')
      subject.call(object[:id], prefetched_body: Oj.dump(object))
    end
@ -48,13 +50,13 @@ RSpec.describe ActivityPub::FetchRemoteStatusService do
            {
              type: 'Link',
              mimeType: 'application/x-bittorrent',
-              href: 'https://example.com/12345.torrent',
+              href: "https://#{valid_domain}/12345.torrent",
            },

            {
              type: 'Link',
              mimeType: 'text/html',
-              href: 'https://example.com/watch?v=12345',
+              href: "https://#{valid_domain}/watch?v=12345",
            },
          ],
        }
@ -64,8 +66,8 @@ RSpec.describe ActivityPub::FetchRemoteStatusService do
        status = sender.statuses.first

        expect(status).to_not be_nil
-        expect(status.url).to eq 'https://example.com/watch?v=12345'
-        expect(strip_tags(status.text)).to eq 'Nyan Cat 10 hours remix https://example.com/watch?v=12345'
+        expect(status.url).to eq "https://#{valid_domain}/watch?v=12345"
+        expect(strip_tags(status.text)).to eq "Nyan Cat 10 hours remix https://#{valid_domain}/watch?v=12345"
      end
    end
  end