Add stricter protocol fields validation for accounts (#25937)

2023-07-20 18:23:48 +02:00 · 2023-07-20 18:23:48 +02:00 · 1e3b19230a
commit 1e3b19230a
parent 1cceb62afd
19 changed files with 96 additions and 49 deletions
--- a/spec/services/delete_account_service_spec.rb
+++ b/spec/services/delete_account_service_spec.rb
@ -65,8 +65,8 @@ RSpec.describe DeleteAccountService, type: :service do
      stub_request(:post, 'https://bob.com/inbox').to_return(status: 201)
    end

-    let!(:remote_alice) { Fabricate(:account, inbox_url: 'https://alice.com/inbox', protocol: :activitypub) }
-    let!(:remote_bob) { Fabricate(:account, inbox_url: 'https://bob.com/inbox', protocol: :activitypub) }
+    let!(:remote_alice) { Fabricate(:account, inbox_url: 'https://alice.com/inbox', domain: 'alice.com', protocol: :activitypub) }
+    let!(:remote_bob) { Fabricate(:account, inbox_url: 'https://bob.com/inbox', domain: 'bob.com', protocol: :activitypub) }

    include_examples 'common behavior' do
      let!(:account) { Fabricate(:account) }
@ -87,12 +87,34 @@ RSpec.describe DeleteAccountService, type: :service do
    end

    include_examples 'common behavior' do
-      let!(:account) { Fabricate(:account, inbox_url: 'https://bob.com/inbox', protocol: :activitypub) }
+      let!(:account) { Fabricate(:account, inbox_url: 'https://bob.com/inbox', protocol: :activitypub, domain: 'bob.com') }
      let!(:local_follower) { Fabricate(:account) }

-      it 'sends a reject follow to follower inboxes' do
+      it 'sends expected activities to followed and follower inboxes' do
        subject
-        expect(a_request(:post, account.inbox_url)).to have_been_made.once
+
+        expect(a_request(:post, account.inbox_url).with(
+                 body:
+                   hash_including({
+                     'type' => 'Reject',
+                     'object' => hash_including({
+                       'type' => 'Follow',
+                       'actor' => account.uri,
+                       'object' => ActivityPub::TagManager.instance.uri_for(local_follower),
+                     }),
+                   })
+               )).to have_been_made.once
+
+        expect(a_request(:post, account.inbox_url).with(
+                 body: hash_including({
+                   'type' => 'Undo',
+                   'object' => hash_including({
+                     'type' => 'Follow',
+                     'actor' => ActivityPub::TagManager.instance.uri_for(local_follower),
+                     'object' => account.uri,
+                   }),
+                 })
+               )).to have_been_made.once
      end
    end
  end
--- a/spec/services/resolve_url_service_spec.rb
+++ b/spec/services/resolve_url_service_spec.rb
@ -8,7 +8,7 @@ describe ResolveURLService, type: :service do
  describe '#call' do
    it 'returns nil when there is no resource url' do
      url           = 'http://example.com/missing-resource'
-      known_account = Fabricate(:account, uri: url)
+      known_account = Fabricate(:account, uri: url, domain: 'example.com')
      service = instance_double(FetchResourceService)

      allow(FetchResourceService).to receive(:new).and_return service
@ -20,7 +20,7 @@ describe ResolveURLService, type: :service do

    it 'returns known account on temporary error' do
      url           = 'http://example.com/missing-resource'
-      known_account = Fabricate(:account, uri: url)
+      known_account = Fabricate(:account, uri: url, domain: 'example.com')
      service = instance_double(FetchResourceService)

      allow(FetchResourceService).to receive(:new).and_return service
--- a/spec/services/suspend_account_service_spec.rb
+++ b/spec/services/suspend_account_service_spec.rb
@ -44,8 +44,8 @@ RSpec.describe SuspendAccountService, type: :service do

    include_examples 'common behavior' do
      let!(:account)         { Fabricate(:account) }
-      let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub) }
-      let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub) }
+      let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub, domain: 'alice.com') }
+      let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub, domain: 'bob.com') }
      let!(:report)          { Fabricate(:report, account: remote_reporter, target_account: account) }

      before do
--- a/spec/services/unsuspend_account_service_spec.rb
+++ b/spec/services/unsuspend_account_service_spec.rb
@ -38,8 +38,8 @@ RSpec.describe UnsuspendAccountService, type: :service do

    include_examples 'with common context' do
      let!(:account)         { Fabricate(:account) }
-      let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub) }
-      let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub) }
+      let!(:remote_follower) { Fabricate(:account, uri: 'https://alice.com', inbox_url: 'https://alice.com/inbox', protocol: :activitypub, domain: 'alice.com') }
+      let!(:remote_reporter) { Fabricate(:account, uri: 'https://bob.com', inbox_url: 'https://bob.com/inbox', protocol: :activitypub, domain: 'bob.com') }
      let!(:report)          { Fabricate(:report, account: remote_reporter, target_account: account) }

      before do