8cf7006d4e
* Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService ActivityPub::FetchRemoteAccountService is kept as a wrapper for when the actor is specifically required to be an Account * Refactor SignatureVerification to allow non-Account actors * fixup! Move ActivityPub::FetchRemoteAccountService to ActivityPub::FetchRemoteActorService * Refactor ActivityPub::FetchRemoteKeyService to potentially return non-Account actors * Refactor inbound ActivityPub payload processing to accept non-Account actors * Refactor inbound ActivityPub processing to accept activities relayed through non-Account * Refactor how Account key URIs are built * Refactor Request and drop unused key_id_format parameter * Rename ActivityPub::Dereferencer `signature_account` to `signature_actor`
74 lines
2.4 KiB
Ruby
74 lines
2.4 KiB
Ruby
require 'rails_helper'
|
|
|
|
RSpec.describe ActivityPub::Dereferencer do
|
|
describe '#object' do
|
|
let(:object) { { '@context': 'https://www.w3.org/ns/activitystreams', id: 'https://example.com/foo', type: 'Note', content: 'Hoge' } }
|
|
let(:permitted_origin) { 'https://example.com' }
|
|
let(:signature_actor) { nil }
|
|
let(:uri) { nil }
|
|
|
|
subject { described_class.new(uri, permitted_origin: permitted_origin, signature_actor: signature_actor).object }
|
|
|
|
before do
|
|
stub_request(:get, 'https://example.com/foo').to_return(body: Oj.dump(object), headers: { 'Content-Type' => 'application/activity+json' })
|
|
end
|
|
|
|
context 'with a URI' do
|
|
let(:uri) { 'https://example.com/foo' }
|
|
|
|
it 'returns object' do
|
|
expect(subject.with_indifferent_access).to eq object.with_indifferent_access
|
|
end
|
|
|
|
context 'with signature account' do
|
|
let(:signature_actor) { Fabricate(:account) }
|
|
|
|
it 'makes signed request' do
|
|
subject
|
|
expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? }).to have_been_made
|
|
end
|
|
end
|
|
|
|
context 'with different origin' do
|
|
let(:uri) { 'https://other-example.com/foo' }
|
|
|
|
it 'does not make request' do
|
|
subject
|
|
expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made
|
|
end
|
|
end
|
|
end
|
|
|
|
context 'with a bearcap' do
|
|
let(:uri) { 'bear:?t=hoge&u=https://example.com/foo' }
|
|
|
|
it 'makes request with Authorization header' do
|
|
subject
|
|
expect(a_request(:get, 'https://example.com/foo').with(headers: { 'Authorization' => 'Bearer hoge' })).to have_been_made
|
|
end
|
|
|
|
it 'returns object' do
|
|
expect(subject.with_indifferent_access).to eq object.with_indifferent_access
|
|
end
|
|
|
|
context 'with signature account' do
|
|
let(:signature_actor) { Fabricate(:account) }
|
|
|
|
it 'makes signed request' do
|
|
subject
|
|
expect(a_request(:get, 'https://example.com/foo').with { |req| req.headers['Signature'].present? && req.headers['Authorization'] == 'Bearer hoge' }).to have_been_made
|
|
end
|
|
end
|
|
|
|
context 'with different origin' do
|
|
let(:uri) { 'bear:?t=hoge&u=https://other-example.com/foo' }
|
|
|
|
it 'does not make request' do
|
|
subject
|
|
expect(a_request(:get, 'https://other-example.com/foo')).to_not have_been_made
|
|
end
|
|
end
|
|
end
|
|
end
|
|
end
|