You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.

94 lines
4.2 KiB

  1. require 'rails_helper'
  2. RSpec.describe ResolveRemoteAccountService do
  3. subject { ResolveRemoteAccountService.new }
  4. before do
  5. stub_request(:get, "https://quitter.no/.well-known/host-meta").to_return(request_fixture('.host-meta.txt'))
  6. stub_request(:get, "https://example.com/.well-known/webfinger?resource=acct:catsrgr8@example.com").to_return(status: 404)
  7. stub_request(:get, "https://redirected.com/.well-known/host-meta").to_return(request_fixture('redirected.host-meta.txt'))
  8. stub_request(:get, "https://example.com/.well-known/host-meta").to_return(status: 404)
  9. stub_request(:get, "https://quitter.no/.well-known/webfinger?resource=acct:gargron@quitter.no").to_return(request_fixture('webfinger.txt'))
  10. stub_request(:get, "https://redirected.com/.well-known/webfinger?resource=acct:gargron@redirected.com").to_return(request_fixture('webfinger.txt'))
  11. stub_request(:get, "https://redirected.com/.well-known/webfinger?resource=acct:hacker1@redirected.com").to_return(request_fixture('webfinger-hacker1.txt'))
  12. stub_request(:get, "https://redirected.com/.well-known/webfinger?resource=acct:hacker2@redirected.com").to_return(request_fixture('webfinger-hacker2.txt'))
  13. stub_request(:get, "https://quitter.no/.well-known/webfinger?resource=acct:catsrgr8@quitter.no").to_return(status: 404)
  14. stub_request(:get, "https://quitter.no/api/statuses/user_timeline/7477.atom").to_return(request_fixture('feed.txt'))
  15. stub_request(:get, "https://quitter.no/avatar/7477-300-20160211190340.png").to_return(request_fixture('avatar.txt'))
  16. stub_request(:get, "https://localdomain.com/.well-known/host-meta").to_return(request_fixture('localdomain-hostmeta.txt'))
  17. stub_request(:get, "https://localdomain.com/.well-known/webfinger?resource=acct:foo@localdomain.com").to_return(status: 404)
  18. stub_request(:get, "https://webdomain.com/.well-known/webfinger?resource=acct:foo@localdomain.com").to_return(request_fixture('localdomain-webfinger.txt'))
  19. stub_request(:get, "https://webdomain.com/users/foo.atom").to_return(request_fixture('localdomain-feed.txt'))
  20. end
  21. it 'raises error if no such user can be resolved via webfinger' do
  22. expect(subject.call('catsrgr8@quitter.no')).to be_nil
  23. end
  24. it 'raises error if the domain does not have webfinger' do
  25. expect(subject.call('catsrgr8@example.com')).to be_nil
  26. end
  27. it 'returns an already existing remote account' do
  28. old_account = Fabricate(:account, username: 'gargron', domain: 'quitter.no')
  29. returned_account = subject.call('gargron@quitter.no')
  30. expect(old_account.id).to eq returned_account.id
  31. end
  32. it 'returns a new remote account' do
  33. account = subject.call('gargron@quitter.no')
  34. expect(account.username).to eq 'gargron'
  35. expect(account.domain).to eq 'quitter.no'
  36. expect(account.remote_url).to eq 'https://quitter.no/api/statuses/user_timeline/7477.atom'
  37. end
  38. it 'follows a legitimate account redirection' do
  39. account = subject.call('gargron@redirected.com')
  40. expect(account.username).to eq 'gargron'
  41. expect(account.domain).to eq 'quitter.no'
  42. expect(account.remote_url).to eq 'https://quitter.no/api/statuses/user_timeline/7477.atom'
  43. end
  44. it 'prevents hijacking existing accounts' do
  45. account = subject.call('hacker1@redirected.com')
  46. expect(account.salmon_url).to_not eq 'https://hacker.com/main/salmon/user/7477'
  47. end
  48. it 'prevents hijacking inexisting accounts' do
  49. expect(subject.call('hacker2@redirected.com')).to be_nil
  50. end
  51. it 'returns a new remote account' do
  52. account = subject.call('foo@localdomain.com')
  53. expect(account.username).to eq 'foo'
  54. expect(account.domain).to eq 'localdomain.com'
  55. expect(account.remote_url).to eq 'https://webdomain.com/users/foo.atom'
  56. end
  57. it 'processes one remote account at a time using locks' do
  58. wait_for_start = true
  59. fail_occurred = false
  60. return_values = []
  61. threads = Array.new(5) do
  62. Thread.new do
  63. true while wait_for_start
  64. begin
  65. return_values << subject.call('foo@localdomain.com')
  66. rescue ActiveRecord::RecordNotUnique
  67. fail_occurred = true
  68. end
  69. end
  70. end
  71. wait_for_start = false
  72. threads.each(&:join)
  73. expect(fail_occurred).to be false
  74. expect(return_values).to_not include(nil)
  75. end
  76. end