Compare commits
	
		
			12 Commits
		
	
	
		
			features/v
			...
			features/v
		
	
	| Author | SHA1 | Date | |
|---|---|---|---|
|  | b7b03e8d26 | ||
|  | a07fff079b | ||
|  | 6f29d50aa5 | ||
|  | 9e5af6bb58 | ||
|  | 6499850ac4 | ||
|  | 6f36b633a7 | ||
|  | d807b3960e | ||
|  | 2f6518cae2 | ||
|  | cdbe2855f3 | ||
|  | fdde3cdb4e | ||
|  | ce9c641d9a | ||
|  | 5799bc4af7 | 
							
								
								
									
										35
									
								
								CHANGELOG.md
									
									
									
									
									
								
							
							
						
						
									
										35
									
								
								CHANGELOG.md
									
									
									
									
									
								
							| @@ -3,6 +3,41 @@ Changelog | ||||
|  | ||||
| All notable changes to this project will be documented in this file. | ||||
|  | ||||
| ## [4.1.15] - 2024-02-16 | ||||
|  | ||||
| ### Fixed | ||||
|  | ||||
| - Fix OmniAuth tests and edge cases in error handling ([ClearlyClaire](https://github.com/mastodon/mastodon/pull/29201), [ClearlyClaire](https://github.com/mastodon/mastodon/pull/29207)) | ||||
|  | ||||
| ### Security | ||||
|  | ||||
| - Fix insufficient checking of remote posts ([GHSA-jhrq-qvrm-qr36](https://github.com/mastodon/mastodon/security/advisories/GHSA-jhrq-qvrm-qr36)) | ||||
|  | ||||
| ## [4.1.14] - 2024-02-14 | ||||
|  | ||||
| ### Security | ||||
|  | ||||
| - Update the `sidekiq-unique-jobs` dependency (see [GHSA-cmh9-rx85-xj38](https://github.com/mhenrixon/sidekiq-unique-jobs/security/advisories/GHSA-cmh9-rx85-xj38)) | ||||
|   In addition, we have disabled the web interface for `sidekiq-unique-jobs` out of caution. | ||||
|   If you need it, you can re-enable it by setting `ENABLE_SIDEKIQ_UNIQUE_JOBS_UI=true`. | ||||
|   If you only need to clear all locks, you can now use `bundle exec rake sidekiq_unique_jobs:delete_all_locks`. | ||||
| - Update the `nokogiri` dependency (see [GHSA-xc9x-jj77-9p9j](https://github.com/sparklemotion/nokogiri/security/advisories/GHSA-xc9x-jj77-9p9j)) | ||||
| - Disable administrative Doorkeeper routes ([ThisIsMissEm](https://github.com/mastodon/mastodon/pull/29187)) | ||||
| - Fix ongoing streaming sessions not being invalidated when applications get deleted in some cases ([GHSA-7w3c-p9j8-mq3x](https://github.com/mastodon/mastodon/security/advisories/GHSA-7w3c-p9j8-mq3x)) | ||||
|   In some rare cases, the streaming server was not notified of access tokens revocation on application deletion. | ||||
| - Change external authentication behavior to never reattach a new identity to an existing user by default ([GHSA-vm39-j3vx-pch3](https://github.com/mastodon/mastodon/security/advisories/GHSA-vm39-j3vx-pch3)) | ||||
|   Up until now, Mastodon has allowed new identities from external authentication providers to attach to an existing local user based on their verified e-mail address. | ||||
|   This allowed upgrading users from a database-stored password to an external authentication provider, or move from one authentication provider to another. | ||||
|   However, this behavior may be unexpected, and means that when multiple authentication providers are configured, the overall security would be that of the least secure authentication provider. | ||||
|   For these reasons, this behavior is now locked under the `ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH` environment variable. | ||||
|   In addition, regardless of this environment variable, Mastodon will refuse to attach two identities from the same authentication provider to the same account. | ||||
|  | ||||
| ## [4.1.13] - 2024-02-01 | ||||
|  | ||||
| ### Security | ||||
|  | ||||
| - Fix insufficient origin validation (CVE-2024-23832, [GHSA-3fjr-858r-92rw](https://github.com/mastodon/mastodon/security/advisories/GHSA-3fjr-858r-92rw)) | ||||
|  | ||||
| ## [4.1.12] - 2024-01-24 | ||||
|  | ||||
| ### Fixed | ||||
|   | ||||
							
								
								
									
										14
									
								
								Gemfile.lock
									
									
									
									
									
								
							
							
						
						
									
										14
									
								
								Gemfile.lock
									
									
									
									
									
								
							| @@ -405,7 +405,7 @@ GEM | ||||
|       mime-types-data (~> 3.2015) | ||||
|     mime-types-data (3.2022.0105) | ||||
|     mini_mime (1.1.5) | ||||
|     mini_portile2 (2.8.4) | ||||
|     mini_portile2 (2.8.5) | ||||
|     minitest (5.17.0) | ||||
|     msgpack (1.6.0) | ||||
|     multi_json (1.15.0) | ||||
| @@ -424,8 +424,8 @@ GEM | ||||
|       net-protocol | ||||
|     net-ssh (7.0.1) | ||||
|     nio4r (2.5.9) | ||||
|     nokogiri (1.14.5) | ||||
|       mini_portile2 (~> 2.8.0) | ||||
|     nokogiri (1.16.2) | ||||
|       mini_portile2 (~> 2.8.2) | ||||
|       racc (~> 1.4) | ||||
|     nsa (0.2.8) | ||||
|       activesupport (>= 4.2, < 7) | ||||
| @@ -468,7 +468,7 @@ GEM | ||||
|     parslet (2.0.0) | ||||
|     pastel (0.8.0) | ||||
|       tty-color (~> 0.5) | ||||
|     pg (1.4.5) | ||||
|     pg (1.4.6) | ||||
|     pghero (3.1.0) | ||||
|       activerecord (>= 6) | ||||
|     pkg-config (1.5.1) | ||||
| @@ -496,7 +496,7 @@ GEM | ||||
|     pundit (2.3.0) | ||||
|       activesupport (>= 3.0.0) | ||||
|     raabro (1.4.0) | ||||
|     racc (1.6.2) | ||||
|     racc (1.7.3) | ||||
|     rack (2.2.8) | ||||
|     rack-attack (6.6.1) | ||||
|       rack (>= 1.0, < 3) | ||||
| @@ -634,7 +634,7 @@ GEM | ||||
|       activerecord (>= 4.0.0) | ||||
|       railties (>= 4.0.0) | ||||
|     semantic_range (3.0.0) | ||||
|     sidekiq (6.5.11) | ||||
|     sidekiq (6.5.12) | ||||
|       connection_pool (>= 2.2.5, < 3) | ||||
|       rack (~> 2.0) | ||||
|       redis (>= 4.5.0, < 5) | ||||
| @@ -645,7 +645,7 @@ GEM | ||||
|       rufus-scheduler (~> 3.2) | ||||
|       sidekiq (>= 4, < 7) | ||||
|       tilt (>= 1.4.0) | ||||
|     sidekiq-unique-jobs (7.1.29) | ||||
|     sidekiq-unique-jobs (7.1.33) | ||||
|       brpoplpush-redis_script (> 0.1.1, <= 2.0.0) | ||||
|       concurrent-ruby (~> 1.0, >= 1.0.5) | ||||
|       redis (< 5.0) | ||||
|   | ||||
| @@ -14,6 +14,4 @@ A "vulnerability in Mastodon" is a vulnerability in the code distributed through | ||||
| | ------- | ---------------- | | ||||
| | 4.2.x   | Yes              | | ||||
| | 4.1.x   | Yes              | | ||||
| | 4.0.x   | No               | | ||||
| | 3.5.x   | Until 2023-12-31 | | ||||
| | < 3.5   | No               | | ||||
| | < 4.1   | No               | | ||||
|   | ||||
| @@ -5,7 +5,7 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController | ||||
|  | ||||
|   def self.provides_callback_for(provider) | ||||
|     define_method provider do | ||||
|       @user = User.find_for_oauth(request.env['omniauth.auth'], current_user) | ||||
|       @user = User.find_for_omniauth(request.env['omniauth.auth'], current_user) | ||||
|  | ||||
|       if @user.persisted? | ||||
|         LoginActivity.create( | ||||
| @@ -24,6 +24,9 @@ class Auth::OmniauthCallbacksController < Devise::OmniauthCallbacksController | ||||
|         session["devise.#{provider}_data"] = request.env['omniauth.auth'] | ||||
|         redirect_to new_user_registration_url | ||||
|       end | ||||
|     rescue ActiveRecord::RecordInvalid | ||||
|       flash[:alert] = I18n.t('devise.failure.omniauth_user_creation_failure') if is_navigational_format? | ||||
|       redirect_to new_user_session_url | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   | ||||
| @@ -263,7 +263,7 @@ module SignatureVerification | ||||
|       stoplight_wrap_request { ResolveAccountService.new.call(key_id.gsub(/\Aacct:/, ''), suppress_errors: false) } | ||||
|     elsif !ActivityPub::TagManager.instance.local_uri?(key_id) | ||||
|       account   = ActivityPub::TagManager.instance.uri_to_actor(key_id) | ||||
|       account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, id: false, suppress_errors: false) } | ||||
|       account ||= stoplight_wrap_request { ActivityPub::FetchRemoteKeyService.new.call(key_id, suppress_errors: false) } | ||||
|       account | ||||
|     end | ||||
|   rescue Mastodon::PrivateNetworkAddressError => e | ||||
|   | ||||
| @@ -157,8 +157,8 @@ module JsonLdHelper | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   def fetch_resource(uri, id, on_behalf_of = nil, request_options: {}) | ||||
|     unless id | ||||
|   def fetch_resource(uri, id_is_known, on_behalf_of = nil, request_options: {}) | ||||
|     unless id_is_known | ||||
|       json = fetch_resource_without_id_validation(uri, on_behalf_of) | ||||
|  | ||||
|       return if !json.is_a?(Hash) || unsupported_uri_scheme?(json['id']) | ||||
| @@ -176,7 +176,19 @@ module JsonLdHelper | ||||
|     build_request(uri, on_behalf_of, options: request_options).perform do |response| | ||||
|       raise Mastodon::UnexpectedResponseError, response unless response_successful?(response) || response_error_unsalvageable?(response) || !raise_on_temporary_error | ||||
|  | ||||
|       body_to_json(response.body_with_limit) if response.code == 200 | ||||
|       body_to_json(response.body_with_limit) if response.code == 200 && valid_activitypub_content_type?(response) | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   def valid_activitypub_content_type?(response) | ||||
|     return true if response.mime_type == 'application/activity+json' | ||||
|  | ||||
|     # When the mime type is `application/ld+json`, we need to check the profile, | ||||
|     # but `http.rb` does not parse it for us. | ||||
|     return false unless response.mime_type == 'application/ld+json' | ||||
|  | ||||
|     response.headers[HTTP::Headers::CONTENT_TYPE]&.split(';')&.map(&:strip)&.any? do |str| | ||||
|       str.start_with?('profile="') && str[9...-1].split.include?('https://www.w3.org/ns/activitystreams') | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   | ||||
| @@ -153,7 +153,8 @@ class ActivityPub::Activity | ||||
|   def fetch_remote_original_status | ||||
|     if object_uri.start_with?('http') | ||||
|       return if ActivityPub::TagManager.instance.local_uri?(object_uri) | ||||
|       ActivityPub::FetchRemoteStatusService.new.call(object_uri, id: true, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id]) | ||||
|  | ||||
|       ActivityPub::FetchRemoteStatusService.new.call(object_uri, on_behalf_of: @account.followers.local.first, request_id: @options[:request_id]) | ||||
|     elsif @object['url'].present? | ||||
|       ::FetchRemoteStatusService.new.call(@object['url'], request_id: @options[:request_id]) | ||||
|     end | ||||
|   | ||||
| @@ -19,7 +19,7 @@ class ActivityPub::LinkedDataSignature | ||||
|     return unless type == 'RsaSignature2017' | ||||
|  | ||||
|     creator = ActivityPub::TagManager.instance.uri_to_actor(creator_uri) | ||||
|     creator = ActivityPub::FetchRemoteKeyService.new.call(creator_uri, id: false) if creator&.public_key.blank? | ||||
|     creator = ActivityPub::FetchRemoteKeyService.new.call(creator_uri) if creator&.public_key.blank? | ||||
|  | ||||
|     return if creator.nil? | ||||
|  | ||||
|   | ||||
| @@ -4,12 +4,32 @@ module ApplicationExtension | ||||
|   extend ActiveSupport::Concern | ||||
|  | ||||
|   included do | ||||
|     include Redisable | ||||
|  | ||||
|     validates :name, length: { maximum: 60 } | ||||
|     validates :website, url: true, length: { maximum: 2_000 }, if: :website? | ||||
|     validates :redirect_uri, length: { maximum: 2_000 } | ||||
|  | ||||
|     # The relationship used between Applications and AccessTokens is using | ||||
|     # dependent: delete_all, which means the ActiveRecord callback in | ||||
|     # AccessTokenExtension is not run, so instead we manually announce to | ||||
|     # streaming that these tokens are being deleted. | ||||
|     before_destroy :push_to_streaming_api, prepend: true | ||||
|   end | ||||
|  | ||||
|   def confirmation_redirect_uri | ||||
|     redirect_uri.lines.first.strip | ||||
|   end | ||||
|  | ||||
|   def push_to_streaming_api | ||||
|     # TODO: #28793 Combine into a single topic | ||||
|     payload = Oj.dump(event: :kill) | ||||
|     access_tokens.in_batches do |tokens| | ||||
|       redis.pipelined do |pipeline| | ||||
|         tokens.ids.each do |id| | ||||
|           pipeline.publish("timeline:access_token:#{id}", payload) | ||||
|         end | ||||
|       end | ||||
|     end | ||||
|   end | ||||
| end | ||||
|   | ||||
| @@ -19,17 +19,18 @@ module Omniauthable | ||||
|   end | ||||
|  | ||||
|   class_methods do | ||||
|     def find_for_oauth(auth, signed_in_resource = nil) | ||||
|     def find_for_omniauth(auth, signed_in_resource = nil) | ||||
|       # EOLE-SSO Patch | ||||
|       auth.uid = (auth.uid[0][:uid] || auth.uid[0][:user]) if auth.uid.is_a? Hashie::Array | ||||
|       identity = Identity.find_for_oauth(auth) | ||||
|       identity = Identity.find_for_omniauth(auth) | ||||
|  | ||||
|       # If a signed_in_resource is provided it always overrides the existing user | ||||
|       # to prevent the identity being locked with accidentally created accounts. | ||||
|       # Note that this may leave zombie accounts (with no associated identity) which | ||||
|       # can be cleaned up at a later date. | ||||
|       user   = signed_in_resource || identity.user | ||||
|       user ||= create_for_oauth(auth) | ||||
|       user ||= reattach_for_auth(auth) | ||||
|       user ||= create_for_auth(auth) | ||||
|  | ||||
|       if identity.user.nil? | ||||
|         identity.user = user | ||||
| @@ -39,19 +40,35 @@ module Omniauthable | ||||
|       user | ||||
|     end | ||||
|  | ||||
|     def create_for_oauth(auth) | ||||
|       # Check if the user exists with provided email. If no email was provided, | ||||
|     private | ||||
|  | ||||
|     def reattach_for_auth(auth) | ||||
|       # If allowed, check if a user exists with the provided email address, | ||||
|       # and return it if they does not have an associated identity with the | ||||
|       # current authentication provider. | ||||
|  | ||||
|       # This can be used to provide a choice of alternative auth providers | ||||
|       # or provide smooth gradual transition between multiple auth providers, | ||||
|       # but this is discouraged because any insecure provider will put *all* | ||||
|       # local users at risk, regardless of which provider they registered with. | ||||
|  | ||||
|       return unless ENV['ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH'] == 'true' | ||||
|  | ||||
|       email, email_is_verified = email_from_auth(auth) | ||||
|       return unless email_is_verified | ||||
|  | ||||
|       user = User.find_by(email: email) | ||||
|       return if user.nil? || Identity.exists?(provider: auth.provider, user_id: user.id) | ||||
|  | ||||
|       user | ||||
|     end | ||||
|  | ||||
|     def create_for_auth(auth) | ||||
|       # Create a user for the given auth params. If no email was provided, | ||||
|       # we assign a temporary email and ask the user to verify it on | ||||
|       # the next step via Auth::SetupController.show | ||||
|  | ||||
|       strategy          = Devise.omniauth_configs[auth.provider.to_sym].strategy | ||||
|       assume_verified   = strategy&.security&.assume_email_is_verified | ||||
|       email_is_verified = auth.info.verified || auth.info.verified_email || auth.info.email_verified || assume_verified | ||||
|       email             = auth.info.verified_email || auth.info.email | ||||
|  | ||||
|       user = User.find_by(email: email) if email_is_verified | ||||
|  | ||||
|       return user unless user.nil? | ||||
|       email, email_is_verified = email_from_auth(auth) | ||||
|  | ||||
|       user = User.new(user_params_from_auth(email, auth)) | ||||
|  | ||||
| @@ -68,7 +85,14 @@ module Omniauthable | ||||
|       user | ||||
|     end | ||||
|  | ||||
|     private | ||||
|     def email_from_auth(auth) | ||||
|       strategy          = Devise.omniauth_configs[auth.provider.to_sym].strategy | ||||
|       assume_verified   = strategy&.security&.assume_email_is_verified | ||||
|       email_is_verified = auth.info.verified || auth.info.verified_email || auth.info.email_verified || assume_verified | ||||
|       email             = auth.info.verified_email || auth.info.email | ||||
|  | ||||
|       [email, email_is_verified] | ||||
|     end | ||||
|  | ||||
|     def user_params_from_auth(email, auth) | ||||
|       { | ||||
|   | ||||
| @@ -16,7 +16,7 @@ class Identity < ApplicationRecord | ||||
|   validates :uid, presence: true, uniqueness: { scope: :provider } | ||||
|   validates :provider, presence: true | ||||
|  | ||||
|   def self.find_for_oauth(auth) | ||||
|   def self.find_for_omniauth(auth) | ||||
|     find_or_create_by(uid: auth.uid, provider: auth.provider) | ||||
|   end | ||||
| end | ||||
|   | ||||
| @@ -399,6 +399,16 @@ class User < ApplicationRecord | ||||
|     Doorkeeper::AccessToken.by_resource_owner(self).in_batches do |batch| | ||||
|       batch.update_all(revoked_at: Time.now.utc) | ||||
|       Web::PushSubscription.where(access_token_id: batch).delete_all | ||||
|  | ||||
|       # Revoke each access token for the Streaming API, since `update_all`` | ||||
|       # doesn't trigger ActiveRecord Callbacks: | ||||
|       # TODO: #28793 Combine into a single topic | ||||
|       payload = Oj.dump(event: :kill) | ||||
|       redis.pipelined do |pipeline| | ||||
|         batch.ids.each do |id| | ||||
|           pipeline.publish("timeline:access_token:#{id}", payload) | ||||
|         end | ||||
|       end | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   | ||||
| @@ -2,7 +2,7 @@ | ||||
|  | ||||
| class ActivityPub::FetchRemoteAccountService < ActivityPub::FetchRemoteActorService | ||||
|   # Does a WebFinger roundtrip on each call, unless `only_key` is true | ||||
|   def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil) | ||||
|   def call(uri, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil) | ||||
|     actor = super | ||||
|     return actor if actor.nil? || actor.is_a?(Account) | ||||
|  | ||||
|   | ||||
| @@ -10,15 +10,15 @@ class ActivityPub::FetchRemoteActorService < BaseService | ||||
|   SUPPORTED_TYPES = %w(Application Group Organization Person Service).freeze | ||||
|  | ||||
|   # Does a WebFinger roundtrip on each call, unless `only_key` is true | ||||
|   def call(uri, id: true, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil) | ||||
|   def call(uri, prefetched_body: nil, break_on_redirect: false, only_key: false, suppress_errors: true, request_id: nil) | ||||
|     return if domain_not_allowed?(uri) | ||||
|     return ActivityPub::TagManager.instance.uri_to_actor(uri) if ActivityPub::TagManager.instance.local_uri?(uri) | ||||
|  | ||||
|     @json = begin | ||||
|       if prefetched_body.nil? | ||||
|         fetch_resource(uri, id) | ||||
|         fetch_resource(uri, true) | ||||
|       else | ||||
|         body_to_json(prefetched_body, compare_id: id ? uri : nil) | ||||
|         body_to_json(prefetched_body, compare_id: uri) | ||||
|       end | ||||
|     rescue Oj::ParseError | ||||
|       raise Error, "Error parsing JSON-LD document #{uri}" | ||||
|   | ||||
| @@ -6,23 +6,10 @@ class ActivityPub::FetchRemoteKeyService < BaseService | ||||
|   class Error < StandardError; end | ||||
|  | ||||
|   # Returns actor that owns the key | ||||
|   def call(uri, id: true, prefetched_body: nil, suppress_errors: true) | ||||
|   def call(uri, suppress_errors: true) | ||||
|     raise Error, 'No key URI given' if uri.blank? | ||||
|  | ||||
|     if prefetched_body.nil? | ||||
|       if id | ||||
|         @json = fetch_resource_without_id_validation(uri) | ||||
|         if actor_type? | ||||
|           @json = fetch_resource(@json['id'], true) | ||||
|         elsif uri != @json['id'] | ||||
|           raise Error, "Fetched URI #{uri} has wrong id #{@json['id']}" | ||||
|         end | ||||
|       else | ||||
|         @json = fetch_resource(uri, id) | ||||
|       end | ||||
|     else | ||||
|       @json = body_to_json(prefetched_body, compare_id: id ? uri : nil) | ||||
|     end | ||||
|     @json = fetch_resource(uri, false) | ||||
|  | ||||
|     raise Error, "Unable to fetch key JSON at #{uri}" if @json.nil? | ||||
|     raise Error, "Unsupported JSON-LD context for document #{uri}" unless supported_context?(@json) | ||||
|   | ||||
| @@ -7,13 +7,13 @@ class ActivityPub::FetchRemoteStatusService < BaseService | ||||
|   DISCOVERIES_PER_REQUEST = 1000 | ||||
|  | ||||
|   # Should be called when uri has already been checked for locality | ||||
|   def call(uri, id: true, prefetched_body: nil, on_behalf_of: nil, expected_actor_uri: nil, request_id: nil) | ||||
|   def call(uri, prefetched_body: nil, on_behalf_of: nil, expected_actor_uri: nil, request_id: nil) | ||||
|     @request_id = request_id || "#{Time.now.utc.to_i}-status-#{uri}" | ||||
|     @json = begin | ||||
|       if prefetched_body.nil? | ||||
|         fetch_resource(uri, id, on_behalf_of) | ||||
|         fetch_resource(uri, true, on_behalf_of) | ||||
|       else | ||||
|         body_to_json(prefetched_body, compare_id: id ? uri : nil) | ||||
|         body_to_json(prefetched_body, compare_id: uri) | ||||
|       end | ||||
|     end | ||||
|  | ||||
| @@ -63,7 +63,7 @@ class ActivityPub::FetchRemoteStatusService < BaseService | ||||
|  | ||||
|   def account_from_uri(uri) | ||||
|     actor = ActivityPub::TagManager.instance.uri_to_resource(uri, Account) | ||||
|     actor = ActivityPub::FetchRemoteAccountService.new.call(uri, id: true, request_id: @request_id) if actor.nil? || actor.possibly_stale? | ||||
|     actor = ActivityPub::FetchRemoteAccountService.new.call(uri, request_id: @request_id) if actor.nil? || actor.possibly_stale? | ||||
|     actor | ||||
|   end | ||||
|  | ||||
|   | ||||
| @@ -274,7 +274,7 @@ class ActivityPub::ProcessAccountService < BaseService | ||||
|  | ||||
|   def moved_account | ||||
|     account   = ActivityPub::TagManager.instance.uri_to_resource(@json['movedTo'], Account) | ||||
|     account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], id: true, break_on_redirect: true, request_id: @options[:request_id]) | ||||
|     account ||= ActivityPub::FetchRemoteAccountService.new.call(@json['movedTo'], break_on_redirect: true, request_id: @options[:request_id]) | ||||
|     account | ||||
|   end | ||||
|  | ||||
|   | ||||
| @@ -43,11 +43,19 @@ class FetchResourceService < BaseService | ||||
|     @response_code = response.code | ||||
|     return nil if response.code != 200 | ||||
|  | ||||
|     if ['application/activity+json', 'application/ld+json'].include?(response.mime_type) | ||||
|     if valid_activitypub_content_type?(response) | ||||
|       body = response.body_with_limit | ||||
|       json = body_to_json(body) | ||||
|  | ||||
|       [json['id'], { prefetched_body: body, id: true }] if supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json)) | ||||
|       return unless supported_context?(json) && (equals_or_includes_any?(json['type'], ActivityPub::FetchRemoteActorService::SUPPORTED_TYPES) || expected_type?(json)) | ||||
|  | ||||
|       if json['id'] != @url | ||||
|         return if terminal | ||||
|  | ||||
|         return process(json['id'], terminal: true) | ||||
|       end | ||||
|  | ||||
|       [@url, { prefetched_body: body }] | ||||
|     elsif !terminal | ||||
|       link_header = response['Link'] && parse_link_header(response) | ||||
|  | ||||
|   | ||||
| @@ -19,9 +19,14 @@ Doorkeeper.configure do | ||||
|     user unless user&.otp_required_for_login? | ||||
|   end | ||||
|  | ||||
|   # If you want to restrict access to the web interface for adding oauth authorized applications, you need to declare the block below. | ||||
|   # Doorkeeper provides some administrative interfaces for managing OAuth | ||||
|   # Applications, allowing creation, edit, and deletion of applications from the | ||||
|   # server. At present, these administrative routes are not integrated into | ||||
|   # Mastodon, and as such, we've disabled them by always return a 403 forbidden | ||||
|   # response for them. This does not affect the ability for users to manage | ||||
|   # their own OAuth Applications. | ||||
|   admin_authenticator do | ||||
|     current_user&.admin? || redirect_to(new_user_session_url) | ||||
|     head 403 | ||||
|   end | ||||
|  | ||||
|   # Authorization Code expiration time (default 10 minutes). | ||||
|   | ||||
| @@ -12,6 +12,7 @@ en: | ||||
|       last_attempt: You have one more attempt before your account is locked. | ||||
|       locked: Your account is locked. | ||||
|       not_found_in_database: Invalid %{authentication_keys} or password. | ||||
|       omniauth_user_creation_failure: Error creating an account for this identity. | ||||
|       pending: Your account is still under review. | ||||
|       timeout: Your session expired. Please sign in again to continue. | ||||
|       unauthenticated: You need to sign in or sign up before continuing. | ||||
|   | ||||
| @@ -1,6 +1,6 @@ | ||||
| # frozen_string_literal: true | ||||
|  | ||||
| require 'sidekiq_unique_jobs/web' | ||||
| require 'sidekiq_unique_jobs/web' if ENV['ENABLE_SIDEKIQ_UNIQUE_JOBS_UI'] == true | ||||
| require 'sidekiq-scheduler/web' | ||||
|  | ||||
| Rails.application.routes.draw do | ||||
|   | ||||
| @@ -56,7 +56,7 @@ services: | ||||
|  | ||||
|   web: | ||||
|     build: . | ||||
|     image: ghcr.io/mastodon/mastodon:v4.1.12 | ||||
|     image: ghcr.io/mastodon/mastodon:v4.1.15 | ||||
|     restart: always | ||||
|     env_file: .env.production | ||||
|     command: bash -c "rm -f /mastodon/tmp/pids/server.pid; bundle exec rails s -p 3000" | ||||
| @@ -77,7 +77,7 @@ services: | ||||
|  | ||||
|   streaming: | ||||
|     build: . | ||||
|     image: ghcr.io/mastodon/mastodon:v4.1.12 | ||||
|     image: ghcr.io/mastodon/mastodon:v4.1.15 | ||||
|     restart: always | ||||
|     env_file: .env.production | ||||
|     command: node ./streaming | ||||
| @@ -95,7 +95,7 @@ services: | ||||
|  | ||||
|   sidekiq: | ||||
|     build: . | ||||
|     image: ghcr.io/mastodon/mastodon:v4.1.12 | ||||
|     image: ghcr.io/mastodon/mastodon:v4.1.15 | ||||
|     restart: always | ||||
|     env_file: .env.production | ||||
|     command: bundle exec sidekiq | ||||
|   | ||||
| @@ -13,7 +13,7 @@ module Mastodon | ||||
|     end | ||||
|  | ||||
|     def patch | ||||
|       12 | ||||
|       15 | ||||
|     end | ||||
|  | ||||
|     def flags | ||||
|   | ||||
							
								
								
									
										11
									
								
								lib/tasks/sidekiq_unique_jobs.rake
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										11
									
								
								lib/tasks/sidekiq_unique_jobs.rake
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,11 @@ | ||||
| # frozen_string_literal: true | ||||
|  | ||||
| namespace :sidekiq_unique_jobs do | ||||
|   task delete_all_locks: :environment do | ||||
|     digests = SidekiqUniqueJobs::Digests.new | ||||
|     digests.delete_by_pattern('*', count: digests.count) | ||||
|  | ||||
|     expiring_digests = SidekiqUniqueJobs::ExpiringDigests.new | ||||
|     expiring_digests.delete_by_pattern('*', count: expiring_digests.count) | ||||
|   end | ||||
| end | ||||
| @@ -56,15 +56,15 @@ describe JsonLdHelper do | ||||
|   describe '#fetch_resource' do | ||||
|     context 'when the second argument is false' do | ||||
|       it 'returns resource even if the retrieved ID and the given URI does not match' do | ||||
|         stub_request(:get, 'https://bob.test/').to_return body: '{"id": "https://alice.test/"}' | ||||
|         stub_request(:get, 'https://alice.test/').to_return body: '{"id": "https://alice.test/"}' | ||||
|         stub_request(:get, 'https://bob.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://alice.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' }) | ||||
|  | ||||
|         expect(fetch_resource('https://bob.test/', false)).to eq({ 'id' => 'https://alice.test/' }) | ||||
|       end | ||||
|  | ||||
|       it 'returns nil if the object identified by the given URI and the object identified by the retrieved ID does not match' do | ||||
|         stub_request(:get, 'https://mallory.test/').to_return body: '{"id": "https://marvin.test/"}' | ||||
|         stub_request(:get, 'https://marvin.test/').to_return body: '{"id": "https://alice.test/"}' | ||||
|         stub_request(:get, 'https://mallory.test/').to_return(body: '{"id": "https://marvin.test/"}', headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://marvin.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' }) | ||||
|  | ||||
|         expect(fetch_resource('https://mallory.test/', false)).to eq nil | ||||
|       end | ||||
| @@ -72,7 +72,7 @@ describe JsonLdHelper do | ||||
|  | ||||
|     context 'when the second argument is true' do | ||||
|       it 'returns nil if the retrieved ID and the given URI does not match' do | ||||
|         stub_request(:get, 'https://mallory.test/').to_return body: '{"id": "https://alice.test/"}' | ||||
|         stub_request(:get, 'https://mallory.test/').to_return(body: '{"id": "https://alice.test/"}', headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         expect(fetch_resource('https://mallory.test/', true)).to eq nil | ||||
|       end | ||||
|     end | ||||
| @@ -80,12 +80,12 @@ describe JsonLdHelper do | ||||
|  | ||||
|   describe '#fetch_resource_without_id_validation' do | ||||
|     it 'returns nil if the status code is not 200' do | ||||
|       stub_request(:get, 'https://host.test/').to_return status: 400, body: '{}' | ||||
|       stub_request(:get, 'https://host.test/').to_return(status: 400, body: '{}', headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       expect(fetch_resource_without_id_validation('https://host.test/')).to eq nil | ||||
|     end | ||||
|  | ||||
|     it 'returns hash' do | ||||
|       stub_request(:get, 'https://host.test/').to_return status: 200, body: '{}' | ||||
|       stub_request(:get, 'https://host.test/').to_return(status: 200, body: '{}', headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       expect(fetch_resource_without_id_validation('https://host.test/')).to eq({}) | ||||
|     end | ||||
|   end | ||||
|   | ||||
| @@ -33,7 +33,7 @@ RSpec.describe ActivityPub::Activity::Announce do | ||||
|     context 'when sender is followed by a local account' do | ||||
|       before do | ||||
|         Fabricate(:account).follow!(sender) | ||||
|         stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json)) | ||||
|         stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         subject.perform | ||||
|       end | ||||
|  | ||||
| @@ -118,7 +118,7 @@ RSpec.describe ActivityPub::Activity::Announce do | ||||
|       subject { described_class.new(json, sender, relayed_through_actor: relay_account) } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json)) | ||||
|         stub_request(:get, 'https://example.com/actor/hello-world').to_return(body: Oj.dump(unknown_object_json), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       context 'and the relay is enabled' do | ||||
|   | ||||
| @@ -58,7 +58,7 @@ RSpec.describe ActivityPub::LinkedDataSignature do | ||||
|  | ||||
|         allow(ActivityPub::FetchRemoteKeyService).to receive(:new).and_return(service_stub) | ||||
|  | ||||
|         allow(service_stub).to receive(:call).with('http://example.com/alice', id: false) do | ||||
|         allow(service_stub).to receive(:call).with('http://example.com/alice') do | ||||
|           sender.update!(public_key: old_key) | ||||
|           sender | ||||
|         end | ||||
| @@ -66,7 +66,7 @@ RSpec.describe ActivityPub::LinkedDataSignature do | ||||
|  | ||||
|       it 'fetches key and returns creator' do | ||||
|         expect(subject.verify_actor!).to eq sender | ||||
|         expect(service_stub).to have_received(:call).with('http://example.com/alice', id: false).once | ||||
|         expect(service_stub).to have_received(:call).with('http://example.com/alice').once | ||||
|       end | ||||
|     end | ||||
|  | ||||
|   | ||||
| @@ -1,16 +1,16 @@ | ||||
| require 'rails_helper' | ||||
|  | ||||
| RSpec.describe Identity, type: :model do | ||||
|   describe '.find_for_oauth' do | ||||
|   describe '.find_for_omniauth' do | ||||
|     let(:auth) { Fabricate(:identity, user: Fabricate(:user)) } | ||||
|  | ||||
|     it 'calls .find_or_create_by' do | ||||
|       expect(described_class).to receive(:find_or_create_by).with(uid: auth.uid, provider: auth.provider) | ||||
|       described_class.find_for_oauth(auth) | ||||
|       described_class.find_for_omniauth(auth) | ||||
|     end | ||||
|  | ||||
|     it 'returns an instance of Identity' do | ||||
|       expect(described_class.find_for_oauth(auth)).to be_instance_of Identity | ||||
|       expect(described_class.find_for_omniauth(auth)).to be_instance_of Identity | ||||
|     end | ||||
|   end | ||||
| end | ||||
|   | ||||
| @@ -439,7 +439,10 @@ RSpec.describe User, type: :model do | ||||
|     let!(:access_token) { Fabricate(:access_token, resource_owner_id: user.id) } | ||||
|     let!(:web_push_subscription) { Fabricate(:web_push_subscription, access_token: access_token) } | ||||
|  | ||||
|     let(:redis_pipeline_stub) { instance_double(Redis::Namespace, publish: nil) } | ||||
|  | ||||
|     before do | ||||
|       allow(redis).to receive(:pipelined).and_yield(redis_pipeline_stub) | ||||
|       user.reset_password! | ||||
|     end | ||||
|  | ||||
| @@ -455,6 +458,10 @@ RSpec.describe User, type: :model do | ||||
|       expect(Doorkeeper::AccessToken.active_for(user).count).to eq 0 | ||||
|     end | ||||
|  | ||||
|     it 'revokes streaming access for all access tokens' do | ||||
|       expect(redis_pipeline_stub).to have_received(:publish).with("timeline:access_token:#{access_token.id}", Oj.dump(event: :kill)).once | ||||
|     end | ||||
|  | ||||
|     it 'removes push subscriptions' do | ||||
|       expect(Web::PushSubscription.where(user: user).or(Web::PushSubscription.where(access_token: access_token)).count).to eq 0 | ||||
|     end | ||||
|   | ||||
							
								
								
									
										83
									
								
								spec/requests/disabled_oauth_endpoints_spec.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										83
									
								
								spec/requests/disabled_oauth_endpoints_spec.rb
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,83 @@ | ||||
| # frozen_string_literal: true | ||||
|  | ||||
| require 'rails_helper' | ||||
|  | ||||
| describe 'Disabled OAuth routes' do | ||||
|   # These routes are disabled via the doorkeeper configuration for | ||||
|   # `admin_authenticator`, as these routes should only be accessible by server | ||||
|   # administrators. For now, these routes are not properly designed and | ||||
|   # integrated into Mastodon, so we're disabling them completely | ||||
|   describe 'GET /oauth/applications' do | ||||
|     it 'returns 403 forbidden' do | ||||
|       get oauth_applications_path | ||||
|  | ||||
|       expect(response).to have_http_status(403) | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   describe 'POST /oauth/applications' do | ||||
|     it 'returns 403 forbidden' do | ||||
|       post oauth_applications_path | ||||
|  | ||||
|       expect(response).to have_http_status(403) | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   describe 'GET /oauth/applications/new' do | ||||
|     it 'returns 403 forbidden' do | ||||
|       get new_oauth_application_path | ||||
|  | ||||
|       expect(response).to have_http_status(403) | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   describe 'GET /oauth/applications/:id' do | ||||
|     let(:application) { Fabricate(:application, scopes: 'read') } | ||||
|  | ||||
|     it 'returns 403 forbidden' do | ||||
|       get oauth_application_path(application) | ||||
|  | ||||
|       expect(response).to have_http_status(403) | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   describe 'PATCH /oauth/applications/:id' do | ||||
|     let(:application) { Fabricate(:application, scopes: 'read') } | ||||
|  | ||||
|     it 'returns 403 forbidden' do | ||||
|       patch oauth_application_path(application) | ||||
|  | ||||
|       expect(response).to have_http_status(403) | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   describe 'PUT /oauth/applications/:id' do | ||||
|     let(:application) { Fabricate(:application, scopes: 'read') } | ||||
|  | ||||
|     it 'returns 403 forbidden' do | ||||
|       put oauth_application_path(application) | ||||
|  | ||||
|       expect(response).to have_http_status(403) | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   describe 'DELETE /oauth/applications/:id' do | ||||
|     let(:application) { Fabricate(:application, scopes: 'read') } | ||||
|  | ||||
|     it 'returns 403 forbidden' do | ||||
|       delete oauth_application_path(application) | ||||
|  | ||||
|       expect(response).to have_http_status(403) | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   describe 'GET /oauth/applications/:id/edit' do | ||||
|     let(:application) { Fabricate(:application, scopes: 'read') } | ||||
|  | ||||
|     it 'returns 403 forbidden' do | ||||
|       get edit_oauth_application_path(application) | ||||
|  | ||||
|       expect(response).to have_http_status(403) | ||||
|     end | ||||
|   end | ||||
| end | ||||
							
								
								
									
										143
									
								
								spec/requests/omniauth_callbacks_spec.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										143
									
								
								spec/requests/omniauth_callbacks_spec.rb
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,143 @@ | ||||
| # frozen_string_literal: true | ||||
|  | ||||
| require 'rails_helper' | ||||
|  | ||||
| describe 'OmniAuth callbacks' do | ||||
|   shared_examples 'omniauth provider callbacks' do |provider| | ||||
|     subject { post send :"user_#{provider}_omniauth_callback_path" } | ||||
|  | ||||
|     context 'with full information in response' do | ||||
|       before do | ||||
|         mock_omniauth(provider, { | ||||
|           provider: provider.to_s, | ||||
|           uid: '123', | ||||
|           info: { | ||||
|             verified: 'true', | ||||
|             email: 'user@host.example', | ||||
|           }, | ||||
|         }) | ||||
|       end | ||||
|  | ||||
|       context 'without a matching user' do | ||||
|         it 'creates a user and an identity and redirects to root path' do | ||||
|           expect { subject } | ||||
|             .to change(User, :count) | ||||
|             .by(1) | ||||
|             .and change(Identity, :count) | ||||
|             .by(1) | ||||
|             .and change(LoginActivity, :count) | ||||
|             .by(1) | ||||
|  | ||||
|           expect(User.last.email).to eq('user@host.example') | ||||
|           expect(Identity.find_by(user: User.last).uid).to eq('123') | ||||
|           expect(response).to redirect_to(root_path) | ||||
|         end | ||||
|       end | ||||
|  | ||||
|       context 'with a matching user and no matching identity' do | ||||
|         before do | ||||
|           Fabricate(:user, email: 'user@host.example') | ||||
|         end | ||||
|  | ||||
|         context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is set to true' do | ||||
|           around do |example| | ||||
|             ClimateControl.modify ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH: 'true' do | ||||
|               example.run | ||||
|             end | ||||
|           end | ||||
|  | ||||
|           it 'matches the existing user, creates an identity, and redirects to root path' do | ||||
|             expect { subject } | ||||
|               .to not_change(User, :count) | ||||
|               .and change(Identity, :count) | ||||
|               .by(1) | ||||
|               .and change(LoginActivity, :count) | ||||
|               .by(1) | ||||
|  | ||||
|             expect(Identity.find_by(user: User.last).uid).to eq('123') | ||||
|             expect(response).to redirect_to(root_path) | ||||
|           end | ||||
|         end | ||||
|  | ||||
|         context 'when ALLOW_UNSAFE_AUTH_PROVIDER_REATTACH is not set to true' do | ||||
|           it 'does not match the existing user or create an identity, and redirects to login page' do | ||||
|             expect { subject } | ||||
|               .to not_change(User, :count) | ||||
|               .and not_change(Identity, :count) | ||||
|               .and not_change(LoginActivity, :count) | ||||
|  | ||||
|             expect(response).to redirect_to(new_user_session_url) | ||||
|           end | ||||
|         end | ||||
|       end | ||||
|  | ||||
|       context 'with a matching user and a matching identity' do | ||||
|         before do | ||||
|           user = Fabricate(:user, email: 'user@host.example') | ||||
|           Fabricate(:identity, user: user, uid: '123', provider: provider) | ||||
|         end | ||||
|  | ||||
|         it 'matches the existing records and redirects to root path' do | ||||
|           expect { subject } | ||||
|             .to not_change(User, :count) | ||||
|             .and not_change(Identity, :count) | ||||
|             .and change(LoginActivity, :count) | ||||
|             .by(1) | ||||
|  | ||||
|           expect(response).to redirect_to(root_path) | ||||
|         end | ||||
|       end | ||||
|     end | ||||
|  | ||||
|     context 'with a response missing email address' do | ||||
|       before do | ||||
|         mock_omniauth(provider, { | ||||
|           provider: provider.to_s, | ||||
|           uid: '123', | ||||
|           info: { | ||||
|             verified: 'true', | ||||
|           }, | ||||
|         }) | ||||
|       end | ||||
|  | ||||
|       it 'redirects to the auth setup page' do | ||||
|         expect { subject } | ||||
|           .to change(User, :count) | ||||
|           .by(1) | ||||
|           .and change(Identity, :count) | ||||
|           .by(1) | ||||
|           .and change(LoginActivity, :count) | ||||
|           .by(1) | ||||
|  | ||||
|         expect(response).to redirect_to(auth_setup_path(missing_email: '1')) | ||||
|       end | ||||
|     end | ||||
|  | ||||
|     context 'when a user cannot be built' do | ||||
|       before do | ||||
|         allow(User).to receive(:find_for_omniauth).and_return(User.new) | ||||
|       end | ||||
|  | ||||
|       it 'redirects to the new user signup page' do | ||||
|         expect { subject } | ||||
|           .to not_change(User, :count) | ||||
|           .and not_change(Identity, :count) | ||||
|           .and not_change(LoginActivity, :count) | ||||
|  | ||||
|         expect(response).to redirect_to(new_user_registration_url) | ||||
|       end | ||||
|     end | ||||
|   end | ||||
|  | ||||
|   describe '#openid_connect', if: ENV['OIDC_ENABLED'] == 'true' && ENV['OIDC_SCOPE'].present? do | ||||
|     include_examples 'omniauth provider callbacks', :openid_connect | ||||
|   end | ||||
|  | ||||
|   describe '#cas', if: ENV['CAS_ENABLED'] == 'true' do | ||||
|     include_examples 'omniauth provider callbacks', :cas | ||||
|   end | ||||
|  | ||||
|   describe '#saml', if: ENV['SAML_ENABLED'] == 'true' do | ||||
|     include_examples 'omniauth provider callbacks', :saml | ||||
|   end | ||||
| end | ||||
| @@ -60,10 +60,10 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do | ||||
|  | ||||
|   shared_examples 'sets pinned posts' do | ||||
|     before do | ||||
|       stub_request(:get, 'https://example.com/account/pinned/1').to_return(status: 200, body: Oj.dump(status_json_1)) | ||||
|       stub_request(:get, 'https://example.com/account/pinned/2').to_return(status: 200, body: Oj.dump(status_json_2)) | ||||
|       stub_request(:get, 'https://example.com/account/pinned/1').to_return(status: 200, body: Oj.dump(status_json_1), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       stub_request(:get, 'https://example.com/account/pinned/2').to_return(status: 200, body: Oj.dump(status_json_2), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       stub_request(:get, 'https://example.com/account/pinned/3').to_return(status: 404) | ||||
|       stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4)) | ||||
|       stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|  | ||||
|       subject.call(actor, note: true, hashtag: false) | ||||
|     end | ||||
| @@ -76,7 +76,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do | ||||
|   describe '#call' do | ||||
|     context 'when the endpoint is a Collection' do | ||||
|       before do | ||||
|         stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'sets pinned posts' | ||||
| @@ -93,7 +93,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do | ||||
|       end | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'sets pinned posts' | ||||
| @@ -102,7 +102,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do | ||||
|         let(:items) { 'https://example.com/account/pinned/4' } | ||||
|  | ||||
|         before do | ||||
|           stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4)) | ||||
|           stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|           subject.call(actor, note: true, hashtag: false) | ||||
|         end | ||||
|  | ||||
| @@ -129,7 +129,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do | ||||
|       end | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, actor.featured_collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'sets pinned posts' | ||||
| @@ -138,7 +138,7 @@ RSpec.describe ActivityPub::FetchFeaturedCollectionService, type: :service do | ||||
|         let(:items) { 'https://example.com/account/pinned/4' } | ||||
|  | ||||
|         before do | ||||
|           stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4)) | ||||
|           stub_request(:get, 'https://example.com/account/pinned/4').to_return(status: 200, body: Oj.dump(status_json_4), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|           subject.call(actor, note: true, hashtag: false) | ||||
|         end | ||||
|  | ||||
|   | ||||
| @@ -36,7 +36,7 @@ RSpec.describe ActivityPub::FetchFeaturedTagsCollectionService, type: :service d | ||||
|   describe '#call' do | ||||
|     context 'when the endpoint is a Collection' do | ||||
|       before do | ||||
|         stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'sets featured tags' | ||||
| @@ -44,7 +44,7 @@ RSpec.describe ActivityPub::FetchFeaturedTagsCollectionService, type: :service d | ||||
|  | ||||
|     context 'when the account already has featured tags' do | ||||
|       before do | ||||
|         stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|  | ||||
|         actor.featured_tags.create!(name: 'FoO') | ||||
|         actor.featured_tags.create!(name: 'baz') | ||||
| @@ -65,7 +65,7 @@ RSpec.describe ActivityPub::FetchFeaturedTagsCollectionService, type: :service d | ||||
|       end | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'sets featured tags' | ||||
| @@ -86,7 +86,7 @@ RSpec.describe ActivityPub::FetchFeaturedTagsCollectionService, type: :service d | ||||
|       end | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, collection_url).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'sets featured tags' | ||||
|   | ||||
| @@ -16,7 +16,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do | ||||
|   end | ||||
|  | ||||
|   describe '#call' do | ||||
|     let(:account) { subject.call('https://example.com/alice', id: true) } | ||||
|     let(:account) { subject.call('https://example.com/alice') } | ||||
|  | ||||
|     shared_examples 'sets profile data' do | ||||
|       it 'returns an account' do | ||||
| @@ -42,7 +42,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do | ||||
|       before do | ||||
|         actor[:inbox] = nil | ||||
|  | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
|  | ||||
| @@ -65,7 +65,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do | ||||
|       let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/alice' }] } } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
|  | ||||
| @@ -91,7 +91,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do | ||||
|       let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/alice' }] } } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|         stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
| @@ -123,7 +123,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do | ||||
|       let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/bob' }] } } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
|  | ||||
| @@ -146,7 +146,7 @@ RSpec.describe ActivityPub::FetchRemoteAccountService, type: :service do | ||||
|       let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/bob' }] } } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|         stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
|   | ||||
| @@ -16,7 +16,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do | ||||
|   end | ||||
|  | ||||
|   describe '#call' do | ||||
|     let(:account) { subject.call('https://example.com/alice', id: true) } | ||||
|     let(:account) { subject.call('https://example.com/alice') } | ||||
|  | ||||
|     shared_examples 'sets profile data' do | ||||
|       it 'returns an account' do | ||||
| @@ -42,7 +42,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do | ||||
|       before do | ||||
|         actor[:inbox] = nil | ||||
|  | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
|  | ||||
| @@ -65,7 +65,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do | ||||
|       let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/alice' }] } } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
|  | ||||
| @@ -91,7 +91,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do | ||||
|       let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/alice' }] } } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|         stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
| @@ -123,7 +123,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do | ||||
|       let!(:webfinger) { { subject: 'acct:alice@example.com', links: [{ rel: 'self', href: 'https://example.com/bob' }] } } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
|  | ||||
| @@ -146,7 +146,7 @@ RSpec.describe ActivityPub::FetchRemoteActorService, type: :service do | ||||
|       let!(:webfinger) { { subject: 'acct:alice@iscool.af', links: [{ rel: 'self', href: 'https://example.com/bob' }] } } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|         stub_request(:get, 'https://iscool.af/.well-known/webfinger?resource=acct:alice@iscool.af').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|       end | ||||
|   | ||||
| @@ -38,16 +38,16 @@ RSpec.describe ActivityPub::FetchRemoteKeyService, type: :service do | ||||
|   end | ||||
|  | ||||
|   before do | ||||
|     stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor)) | ||||
|     stub_request(:get, 'https://example.com/alice').to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|     stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:alice@example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' }) | ||||
|   end | ||||
|  | ||||
|   describe '#call' do | ||||
|     let(:account) { subject.call(public_key_id, id: false) } | ||||
|     let(:account) { subject.call(public_key_id) } | ||||
|  | ||||
|     context 'when the key is a sub-object from the actor' do | ||||
|       before do | ||||
|         stub_request(:get, public_key_id).to_return(body: Oj.dump(actor)) | ||||
|         stub_request(:get, public_key_id).to_return(body: Oj.dump(actor), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it 'returns the expected account' do | ||||
| @@ -59,7 +59,7 @@ RSpec.describe ActivityPub::FetchRemoteKeyService, type: :service do | ||||
|       let(:public_key_id) { 'https://example.com/alice-public-key.json' } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] }))) | ||||
|         stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] })), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it 'returns the expected account' do | ||||
| @@ -72,7 +72,7 @@ RSpec.describe ActivityPub::FetchRemoteKeyService, type: :service do | ||||
|       let(:actor_public_key) { 'https://example.com/alice-public-key.json' } | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] }))) | ||||
|         stub_request(:get, public_key_id).to_return(body: Oj.dump(key_json.merge({ '@context': ['https://www.w3.org/ns/activitystreams', 'https://w3id.org/security/v1'] })), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it 'returns the nil' do | ||||
|   | ||||
| @@ -53,7 +53,7 @@ RSpec.describe ActivityPub::FetchRepliesService, type: :service do | ||||
|  | ||||
|       context 'when passing the URL to the collection' do | ||||
|         before do | ||||
|           stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) | ||||
|           stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         end | ||||
|  | ||||
|         it 'spawns workers for up to 5 replies on the same server' do | ||||
| @@ -82,7 +82,7 @@ RSpec.describe ActivityPub::FetchRepliesService, type: :service do | ||||
|  | ||||
|       context 'when passing the URL to the collection' do | ||||
|         before do | ||||
|           stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) | ||||
|           stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         end | ||||
|  | ||||
|         it 'spawns workers for up to 5 replies on the same server' do | ||||
| @@ -115,7 +115,7 @@ RSpec.describe ActivityPub::FetchRepliesService, type: :service do | ||||
|  | ||||
|       context 'when passing the URL to the collection' do | ||||
|         before do | ||||
|           stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) | ||||
|           stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|         end | ||||
|  | ||||
|         it 'spawns workers for up to 5 replies on the same server' do | ||||
|   | ||||
| @@ -58,7 +58,7 @@ RSpec.describe ActivityPub::SynchronizeFollowersService, type: :service do | ||||
|   describe '#call' do | ||||
|     context 'when the endpoint is a Collection of actor URIs' do | ||||
|       before do | ||||
|         stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'synchronizes followers' | ||||
| @@ -75,7 +75,7 @@ RSpec.describe ActivityPub::SynchronizeFollowersService, type: :service do | ||||
|       end | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'synchronizes followers' | ||||
| @@ -96,7 +96,7 @@ RSpec.describe ActivityPub::SynchronizeFollowersService, type: :service do | ||||
|       end | ||||
|  | ||||
|       before do | ||||
|         stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload)) | ||||
|         stub_request(:get, collection_uri).to_return(status: 200, body: Oj.dump(payload), headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it_behaves_like 'synchronizes followers' | ||||
|   | ||||
| @@ -54,7 +54,7 @@ RSpec.describe FetchResourceService, type: :service do | ||||
|  | ||||
|       let(:json) do | ||||
|         { | ||||
|           id: 1, | ||||
|           id: 'http://example.com/foo', | ||||
|           '@context': ActivityPub::TagManager::CONTEXT, | ||||
|           type: 'Note', | ||||
|         }.to_json | ||||
| @@ -79,14 +79,14 @@ RSpec.describe FetchResourceService, type: :service do | ||||
|         let(:content_type) { 'application/activity+json; charset=utf-8' } | ||||
|         let(:body) { json } | ||||
|  | ||||
|         it { is_expected.to eq [1, { prefetched_body: body, id: true }] } | ||||
|         it { is_expected.to eq ['http://example.com/foo', { prefetched_body: body }] } | ||||
|       end | ||||
|  | ||||
|       context 'when content type is ld+json with profile' do | ||||
|         let(:content_type) { 'application/ld+json; profile="https://www.w3.org/ns/activitystreams"' } | ||||
|         let(:body) { json } | ||||
|  | ||||
|         it { is_expected.to eq [1, { prefetched_body: body, id: true }] } | ||||
|         it { is_expected.to eq ['http://example.com/foo', { prefetched_body: body }] } | ||||
|       end | ||||
|  | ||||
|       before do | ||||
| @@ -97,14 +97,14 @@ RSpec.describe FetchResourceService, type: :service do | ||||
|       context 'when link header is present' do | ||||
|         let(:headers) { { 'Link' => '<http://example.com/foo>; rel="alternate"; type="application/activity+json"', } } | ||||
|  | ||||
|         it { is_expected.to eq [1, { prefetched_body: json, id: true }] } | ||||
|         it { is_expected.to eq ['http://example.com/foo', { prefetched_body: json }] } | ||||
|       end | ||||
|  | ||||
|       context 'when content type is text/html' do | ||||
|         let(:content_type) { 'text/html' } | ||||
|         let(:body) { '<html><head><link rel="alternate" href="http://example.com/foo" type="application/activity+json"/></head></html>' } | ||||
|  | ||||
|         it { is_expected.to eq [1, { prefetched_body: json, id: true }] } | ||||
|         it { is_expected.to eq ['http://example.com/foo', { prefetched_body: json }] } | ||||
|       end | ||||
|     end | ||||
|   end | ||||
|   | ||||
| @@ -139,6 +139,7 @@ describe ResolveURLService, type: :service do | ||||
|         stub_request(:get, url).to_return(status: 302, headers: { 'Location' => status_url }) | ||||
|         body = ActiveModelSerializers::SerializableResource.new(status, serializer: ActivityPub::NoteSerializer, adapter: ActivityPub::Adapter).to_json | ||||
|         stub_request(:get, status_url).to_return(body: body, headers: { 'Content-Type' => 'application/activity+json' }) | ||||
|         stub_request(:get, uri).to_return(body: body, headers: { 'Content-Type' => 'application/activity+json' }) | ||||
|       end | ||||
|  | ||||
|       it 'returns status by url' do | ||||
|   | ||||
							
								
								
									
										7
									
								
								spec/support/omniauth_mocks.rb
									
									
									
									
									
										Normal file
									
								
							
							
						
						
									
										7
									
								
								spec/support/omniauth_mocks.rb
									
									
									
									
									
										Normal file
									
								
							| @@ -0,0 +1,7 @@ | ||||
| # frozen_string_literal: true | ||||
|  | ||||
| OmniAuth.config.test_mode = true | ||||
|  | ||||
| def mock_omniauth(provider, data) | ||||
|   OmniAuth.config.mock_auth[provider] = OmniAuth::AuthHash.new(data) | ||||
| end | ||||
| @@ -21,7 +21,7 @@ describe ActivityPub::FetchRepliesWorker do | ||||
|  | ||||
|   describe 'perform' do | ||||
|     it 'performs a request if the collection URI is from the same host' do | ||||
|       stub_request(:get, 'https://example.com/statuses_replies/1').to_return(status: 200, body: json) | ||||
|       stub_request(:get, 'https://example.com/statuses_replies/1').to_return(status: 200, body: json, headers: { 'Content-Type': 'application/activity+json' }) | ||||
|       subject.perform(status.id, 'https://example.com/statuses_replies/1') | ||||
|       expect(a_request(:get, 'https://example.com/statuses_replies/1')).to have_been_made.once | ||||
|     end | ||||
|   | ||||
		Reference in New Issue
	
	Block a user