2016-02-25 10:17:01 +11:00
|
|
|
require 'rails_helper'
|
|
|
|
|
2018-05-03 02:58:48 +10:00
|
|
|
RSpec.describe ResolveAccountService, type: :service do
|
2017-08-13 08:44:41 +10:00
|
|
|
subject { described_class.new }
|
2016-03-05 22:50:59 +11:00
|
|
|
|
2017-04-20 01:28:35 +10:00
|
|
|
before do
|
|
|
|
stub_request(:get, "https://example.com/.well-known/host-meta").to_return(status: 404)
|
|
|
|
stub_request(:get, "https://quitter.no/avatar/7477-300-20160211190340.png").to_return(request_fixture('avatar.txt'))
|
2019-07-07 07:26:16 +10:00
|
|
|
stub_request(:get, "https://ap.example.com/.well-known/webfinger?resource=acct:foo@ap.example.com").to_return(request_fixture('activitypub-webfinger.txt'))
|
|
|
|
stub_request(:get, "https://ap.example.com/users/foo").to_return(request_fixture('activitypub-actor.txt'))
|
|
|
|
stub_request(:get, "https://ap.example.com/users/foo.atom").to_return(request_fixture('activitypub-feed.txt'))
|
|
|
|
stub_request(:get, %r{https://ap.example.com/users/foo/\w+}).to_return(status: 404)
|
2017-04-20 01:28:35 +10:00
|
|
|
end
|
|
|
|
|
Backport fixes to 3.2 (#15360)
* Fix 2FA/sign-in token sessions being valid after password change (#14802)
If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token
* Fix Move handler not being triggered when failing to fetch target (#15107)
When failing to fetch the target account, the ProcessingWorker fails
as expected, but since it hasn't cleared the `move_in_progress` flag,
the next attempt at processing skips the `Move` activity altogether.
This commit changes it to clear the flag when encountering any
unexpected error on fetching the target account. This is likely to
occur because, of, e.g., a timeout, when many instances query the
same actor at the same time.
* Fix slow distinct queries where grouped queries are faster (#15287)
About 2x speed-up on inboxes query
* Fix possible inconsistencies in tag search (#14906)
Do not downcase the queried tag before passing it to postgres when searching:
- tags are not downcased on creation
- `arel_table[:name].lower.matches(pattern)` generates an ILIKE anyway
- if Postgres and Rails happen to use different case-folding rules,
downcasing before query but not before insertion may mean that some
tags with some casings are not searchable
* Fix updating account counters when account_stat is not yet created (#15108)
* Fix account processing failing because of large collections (#15027)
Fixes #15025
* Fix downloading remote media files when server returns empty filename (#14867)
Fixes #14817
* Fix webfinger redirect handling in ResolveAccountService (#15187)
* Fix webfinger redirect handling in ResolveAccountService
ResolveAccountService#process_webfinger! handled a one-step webfinger
redirection, but only accepting the result if it matched the exact URI passed
as input, defeating the point of a redirection check.
Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`,
updating the resulting `acct:` URI with the result of the first webfinger
query.
* Add tests
* Remove dependency on unused and unmaintained http_parser.rb gem (#14574)
It seems that years ago, the “http” gem dependend on the “http_parser.rb” gem
(it now depends on the “http-parser” gem), and, still years ago, we pulled
it from git in order to benefit from a bugfix that wasn't released yet (#7467).
* Add tootctl maintenance fix-duplicates (#14860, #15201, #15264, #15349, #15359)
* Fix old migration script not being able to run if it fails midway (#15361)
* Fix old migration script not being able to run if it fails midway
Improve the robustness of a migration script likely to fail because of database
corruption so it can run again once database corruptions are fixed.
* Display a specific error message in case of index corruption
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-19 09:31:14 +11:00
|
|
|
context 'when there is an LRDD endpoint but no resolvable account' do
|
|
|
|
before do
|
|
|
|
stub_request(:get, "https://quitter.no/.well-known/host-meta").to_return(request_fixture('.host-meta.txt'))
|
|
|
|
stub_request(:get, "https://quitter.no/.well-known/webfinger?resource=acct:catsrgr8@quitter.no").to_return(status: 404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns nil' do
|
|
|
|
expect(subject.call('catsrgr8@quitter.no')).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'when there is no LRDD endpoint nor resolvable account' do
|
|
|
|
before do
|
|
|
|
stub_request(:get, "https://example.com/.well-known/webfinger?resource=acct:catsrgr8@example.com").to_return(status: 404)
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns nil' do
|
|
|
|
expect(subject.call('catsrgr8@example.com')).to be_nil
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
context 'with a legitimate webfinger redirection' do
|
|
|
|
before do
|
|
|
|
webfinger = { subject: 'acct:foo@ap.example.com', links: [{ rel: 'self', href: 'https://ap.example.com/users/foo' }] }
|
|
|
|
stub_request(:get, 'https://redirected.example.com/.well-known/webfinger?resource=acct:Foo@redirected.example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns new remote account' do
|
|
|
|
account = subject.call('Foo@redirected.example.com')
|
|
|
|
|
|
|
|
expect(account.activitypub?).to eq true
|
|
|
|
expect(account.acct).to eq 'foo@ap.example.com'
|
|
|
|
expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
|
|
|
|
end
|
2017-04-20 01:28:35 +10:00
|
|
|
end
|
|
|
|
|
Backport fixes to 3.2 (#15360)
* Fix 2FA/sign-in token sessions being valid after password change (#14802)
If someone tries logging in to an account and is prompted for a 2FA
code or sign-in token, even if the account's password or e-mail is
updated in the meantime, the session will show the prompt and allow
the login process to complete with a valid 2FA code or sign-in token
* Fix Move handler not being triggered when failing to fetch target (#15107)
When failing to fetch the target account, the ProcessingWorker fails
as expected, but since it hasn't cleared the `move_in_progress` flag,
the next attempt at processing skips the `Move` activity altogether.
This commit changes it to clear the flag when encountering any
unexpected error on fetching the target account. This is likely to
occur because, of, e.g., a timeout, when many instances query the
same actor at the same time.
* Fix slow distinct queries where grouped queries are faster (#15287)
About 2x speed-up on inboxes query
* Fix possible inconsistencies in tag search (#14906)
Do not downcase the queried tag before passing it to postgres when searching:
- tags are not downcased on creation
- `arel_table[:name].lower.matches(pattern)` generates an ILIKE anyway
- if Postgres and Rails happen to use different case-folding rules,
downcasing before query but not before insertion may mean that some
tags with some casings are not searchable
* Fix updating account counters when account_stat is not yet created (#15108)
* Fix account processing failing because of large collections (#15027)
Fixes #15025
* Fix downloading remote media files when server returns empty filename (#14867)
Fixes #14817
* Fix webfinger redirect handling in ResolveAccountService (#15187)
* Fix webfinger redirect handling in ResolveAccountService
ResolveAccountService#process_webfinger! handled a one-step webfinger
redirection, but only accepting the result if it matched the exact URI passed
as input, defeating the point of a redirection check.
Instead, use the same logic as in `ActivityPub::FetchRemoteAccountService`,
updating the resulting `acct:` URI with the result of the first webfinger
query.
* Add tests
* Remove dependency on unused and unmaintained http_parser.rb gem (#14574)
It seems that years ago, the “http” gem dependend on the “http_parser.rb” gem
(it now depends on the “http-parser” gem), and, still years ago, we pulled
it from git in order to benefit from a bugfix that wasn't released yet (#7467).
* Add tootctl maintenance fix-duplicates (#14860, #15201, #15264, #15349, #15359)
* Fix old migration script not being able to run if it fails midway (#15361)
* Fix old migration script not being able to run if it fails midway
Improve the robustness of a migration script likely to fail because of database
corruption so it can run again once database corruptions are fixed.
* Display a specific error message in case of index corruption
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
Co-authored-by: Eugen Rochko <eugen@zeonfederated.com>
Co-authored-by: Claire <claire.github-309c@sitedethib.com>
2020-12-19 09:31:14 +11:00
|
|
|
context 'with too many webfinger redirections' do
|
|
|
|
before do
|
|
|
|
webfinger = { subject: 'acct:foo@evil.example.com', links: [{ rel: 'self', href: 'https://ap.example.com/users/foo' }] }
|
|
|
|
stub_request(:get, 'https://redirected.example.com/.well-known/webfinger?resource=acct:Foo@redirected.example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
|
|
|
|
webfinger2 = { subject: 'acct:foo@ap.example.com', links: [{ rel: 'self', href: 'https://ap.example.com/users/foo' }] }
|
|
|
|
stub_request(:get, 'https://evil.example.com/.well-known/webfinger?resource=acct:foo@evil.example.com').to_return(body: Oj.dump(webfinger2), headers: { 'Content-Type': 'application/jrd+json' })
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns nil' do
|
|
|
|
expect(subject.call('Foo@redirected.example.com')).to be_nil
|
|
|
|
end
|
2017-04-20 01:28:35 +10:00
|
|
|
end
|
|
|
|
|
2017-08-13 08:44:41 +10:00
|
|
|
context 'with an ActivityPub account' do
|
2017-09-17 19:54:23 +10:00
|
|
|
it 'returns new remote account' do
|
|
|
|
account = subject.call('foo@ap.example.com')
|
|
|
|
|
|
|
|
expect(account.activitypub?).to eq true
|
|
|
|
expect(account.domain).to eq 'ap.example.com'
|
|
|
|
expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
|
|
|
|
end
|
|
|
|
|
2018-05-02 20:40:24 +10:00
|
|
|
context 'with multiple types' do
|
|
|
|
before do
|
|
|
|
stub_request(:get, "https://ap.example.com/users/foo").to_return(request_fixture('activitypub-actor-individual.txt'))
|
|
|
|
end
|
|
|
|
|
|
|
|
it 'returns new remote account' do
|
|
|
|
account = subject.call('foo@ap.example.com')
|
|
|
|
|
|
|
|
expect(account.activitypub?).to eq true
|
|
|
|
expect(account.domain).to eq 'ap.example.com'
|
|
|
|
expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
|
2018-05-08 21:30:04 +10:00
|
|
|
expect(account.actor_type).to eq 'Person'
|
2018-05-02 20:40:24 +10:00
|
|
|
end
|
|
|
|
end
|
2017-05-04 04:40:14 +10:00
|
|
|
end
|
2017-07-19 22:44:04 +10:00
|
|
|
|
|
|
|
it 'processes one remote account at a time using locks' do
|
|
|
|
wait_for_start = true
|
|
|
|
fail_occurred = false
|
2019-07-07 07:26:16 +10:00
|
|
|
return_values = Concurrent::Array.new
|
2017-07-19 22:44:04 +10:00
|
|
|
|
2019-07-09 11:27:35 +10:00
|
|
|
# Preload classes that throw circular dependency errors in threads
|
|
|
|
Account
|
|
|
|
TagManager
|
|
|
|
DomainBlock
|
|
|
|
|
2017-07-19 22:44:04 +10:00
|
|
|
threads = Array.new(5) do
|
|
|
|
Thread.new do
|
|
|
|
true while wait_for_start
|
2019-07-07 07:26:16 +10:00
|
|
|
|
2017-07-19 22:44:04 +10:00
|
|
|
begin
|
2019-07-07 07:26:16 +10:00
|
|
|
return_values << described_class.new.call('foo@ap.example.com')
|
2017-07-19 22:44:04 +10:00
|
|
|
rescue ActiveRecord::RecordNotUnique
|
|
|
|
fail_occurred = true
|
|
|
|
end
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
wait_for_start = false
|
|
|
|
threads.each(&:join)
|
|
|
|
|
|
|
|
expect(fail_occurred).to be false
|
|
|
|
expect(return_values).to_not include(nil)
|
|
|
|
end
|
2016-02-25 10:17:01 +11:00
|
|
|
end
|