You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

146 lines
6.4 KiB

  1. require 'rails_helper'
  2. RSpec.describe ResolveAccountService, type: :service do
  3. subject { described_class.new }
  4. before do
  5. stub_request(:get, "https://quitter.no/.well-known/host-meta").to_return(request_fixture('.host-meta.txt'))
  6. stub_request(:get, "https://example.com/.well-known/webfinger?resource=acct:catsrgr8@example.com").to_return(status: 404)
  7. stub_request(:get, "https://redirected.com/.well-known/host-meta").to_return(request_fixture('redirected.host-meta.txt'))
  8. stub_request(:get, "https://example.com/.well-known/host-meta").to_return(status: 404)
  9. stub_request(:get, "https://quitter.no/.well-known/webfinger?resource=acct:gargron@quitter.no").to_return(request_fixture('webfinger.txt'))
  10. stub_request(:get, "https://redirected.com/.well-known/webfinger?resource=acct:gargron@redirected.com").to_return(request_fixture('webfinger.txt'))
  11. stub_request(:get, "https://redirected.com/.well-known/webfinger?resource=acct:hacker1@redirected.com").to_return(request_fixture('webfinger-hacker1.txt'))
  12. stub_request(:get, "https://redirected.com/.well-known/webfinger?resource=acct:hacker2@redirected.com").to_return(request_fixture('webfinger-hacker2.txt'))
  13. stub_request(:get, "https://quitter.no/.well-known/webfinger?resource=acct:catsrgr8@quitter.no").to_return(status: 404)
  14. stub_request(:get, "https://quitter.no/api/statuses/user_timeline/7477.atom").to_return(request_fixture('feed.txt'))
  15. stub_request(:get, "https://quitter.no/avatar/7477-300-20160211190340.png").to_return(request_fixture('avatar.txt'))
  16. stub_request(:get, "https://localdomain.com/.well-known/host-meta").to_return(request_fixture('localdomain-hostmeta.txt'))
  17. stub_request(:get, "https://localdomain.com/.well-known/webfinger?resource=acct:foo@localdomain.com").to_return(status: 404)
  18. stub_request(:get, "https://webdomain.com/.well-known/webfinger?resource=acct:foo@localdomain.com").to_return(request_fixture('localdomain-webfinger.txt'))
  19. stub_request(:get, "https://webdomain.com/users/foo.atom").to_return(request_fixture('localdomain-feed.txt'))
  20. end
  21. it 'raises error if no such user can be resolved via webfinger' do
  22. expect(subject.call('catsrgr8@quitter.no')).to be_nil
  23. end
  24. it 'raises error if the domain does not have webfinger' do
  25. expect(subject.call('catsrgr8@example.com')).to be_nil
  26. end
  27. it 'prevents hijacking existing accounts' do
  28. account = subject.call('hacker1@redirected.com')
  29. expect(account.salmon_url).to_not eq 'https://hacker.com/main/salmon/user/7477'
  30. end
  31. it 'prevents hijacking inexisting accounts' do
  32. expect(subject.call('hacker2@redirected.com')).to be_nil
  33. end
  34. context 'with an OStatus account' do
  35. it 'returns an already existing remote account' do
  36. old_account = Fabricate(:account, username: 'gargron', domain: 'quitter.no')
  37. returned_account = subject.call('gargron@quitter.no')
  38. expect(old_account.id).to eq returned_account.id
  39. end
  40. it 'returns a new remote account' do
  41. account = subject.call('gargron@quitter.no')
  42. expect(account.username).to eq 'gargron'
  43. expect(account.domain).to eq 'quitter.no'
  44. expect(account.remote_url).to eq 'https://quitter.no/api/statuses/user_timeline/7477.atom'
  45. end
  46. it 'follows a legitimate account redirection' do
  47. account = subject.call('gargron@redirected.com')
  48. expect(account.username).to eq 'gargron'
  49. expect(account.domain).to eq 'quitter.no'
  50. expect(account.remote_url).to eq 'https://quitter.no/api/statuses/user_timeline/7477.atom'
  51. end
  52. it 'returns a new remote account' do
  53. account = subject.call('foo@localdomain.com')
  54. expect(account.username).to eq 'foo'
  55. expect(account.domain).to eq 'localdomain.com'
  56. expect(account.remote_url).to eq 'https://webdomain.com/users/foo.atom'
  57. end
  58. end
  59. context 'with an ActivityPub account' do
  60. before do
  61. stub_request(:get, "https://ap.example.com/.well-known/webfinger?resource=acct:foo@ap.example.com").to_return(request_fixture('activitypub-webfinger.txt'))
  62. stub_request(:get, "https://ap.example.com/users/foo").to_return(request_fixture('activitypub-actor.txt'))
  63. stub_request(:get, "https://ap.example.com/users/foo.atom").to_return(request_fixture('activitypub-feed.txt'))
  64. stub_request(:get, %r{https://ap.example.com/users/foo/\w+}).to_return(status: 404)
  65. end
  66. it 'fallback to OStatus if actor json could not be fetched' do
  67. stub_request(:get, "https://ap.example.com/users/foo").to_return(status: 404)
  68. account = subject.call('foo@ap.example.com')
  69. expect(account.ostatus?).to eq true
  70. expect(account.remote_url).to eq 'https://ap.example.com/users/foo.atom'
  71. end
  72. it 'fallback to OStatus if actor json did not have inbox_url' do
  73. stub_request(:get, "https://ap.example.com/users/foo").to_return(request_fixture('activitypub-actor-noinbox.txt'))
  74. account = subject.call('foo@ap.example.com')
  75. expect(account.ostatus?).to eq true
  76. expect(account.remote_url).to eq 'https://ap.example.com/users/foo.atom'
  77. end
  78. it 'returns new remote account' do
  79. account = subject.call('foo@ap.example.com')
  80. expect(account.activitypub?).to eq true
  81. expect(account.domain).to eq 'ap.example.com'
  82. expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
  83. end
  84. context 'with multiple types' do
  85. before do
  86. stub_request(:get, "https://ap.example.com/users/foo").to_return(request_fixture('activitypub-actor-individual.txt'))
  87. end
  88. it 'returns new remote account' do
  89. account = subject.call('foo@ap.example.com')
  90. expect(account.activitypub?).to eq true
  91. expect(account.domain).to eq 'ap.example.com'
  92. expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
  93. expect(account.actor_type).to eq 'Person'
  94. end
  95. end
  96. end
  97. it 'processes one remote account at a time using locks' do
  98. wait_for_start = true
  99. fail_occurred = false
  100. return_values = []
  101. threads = Array.new(5) do
  102. Thread.new do
  103. true while wait_for_start
  104. begin
  105. return_values << described_class.new.call('foo@localdomain.com')
  106. rescue ActiveRecord::RecordNotUnique
  107. fail_occurred = true
  108. end
  109. end
  110. end
  111. wait_for_start = false
  112. threads.each(&:join)
  113. expect(fail_occurred).to be false
  114. expect(return_values).to_not include(nil)
  115. end
  116. end