Test more types we do not want to receive from strangers

This commit is contained in:
Mark Felder 2024-08-29 14:40:45 -04:00
parent 2b39956acb
commit 012132303f

View file

@ -688,21 +688,25 @@ test "without valid signature, " <>
# we capture all the params and process it later in the Oban job. # we capture all the params and process it later in the Oban job.
# Once we begin processing it through Oban we risk fetching the actor to validate the # Once we begin processing it through Oban we risk fetching the actor to validate the
# activity which just leads to inserting a new user to process a Delete not relevant to us. # activity which just leads to inserting a new user to process a Delete not relevant to us.
test "Deletes from an unknown actor are discarded", %{conn: conn} do test "Activities of certain types from an unknown actor are discarded", %{conn: conn} do
params = example_bad_types = ["Announce", "Delete", "Undo"]
%{
"type" => "Delete",
"actor" => "https://unknown.mastodon.instance/users/somebody"
}
|> Jason.encode!()
conn Enum.each(example_bad_types, fn bad_type ->
|> assign(:valid_signature, false) params =
|> put_req_header("content-type", "application/activity+json") %{
|> post("/inbox", params) "type" => bad_type,
|> json_response(400) "actor" => "https://unknown.mastodon.instance/users/somebody"
}
|> Jason.encode!()
assert all_enqueued() == [] conn
|> assign(:valid_signature, false)
|> put_req_header("content-type", "application/activity+json")
|> post("/inbox", params)
|> json_response(400)
assert all_enqueued() == []
end)
end end
test "accepts Add/Remove activities", %{conn: conn} do test "accepts Add/Remove activities", %{conn: conn} do