add impostor test for webfinger
This commit is contained in:
parent
a953b1d927
commit
50403351f4
2 changed files with 57 additions and 0 deletions
41
test/fixtures/webfinger/imposter-webfinger.json
vendored
Normal file
41
test/fixtures/webfinger/imposter-webfinger.json
vendored
Normal file
|
@ -0,0 +1,41 @@
|
|||
{
|
||||
"subject": "acct:oopsie@notwhereitshouldbe.com",
|
||||
"aliases": [
|
||||
"https://bad.com/webfingertest"
|
||||
],
|
||||
"links": [
|
||||
{
|
||||
"rel": "http://webfinger.net/rel/profile-page",
|
||||
"type": "text/html",
|
||||
"href": "https://bad.com/webfingertest"
|
||||
},
|
||||
{
|
||||
"rel": "self",
|
||||
"type": "application/activity+json",
|
||||
"href": "https://bad.com/webfingertest"
|
||||
},
|
||||
{
|
||||
"rel": "http://ostatus.org/schema/1.0/subscribe",
|
||||
"template": "https://bad.com/contact/follow?url={uri}"
|
||||
},
|
||||
{
|
||||
"rel": "http://schemas.google.com/g/2010#updates-from",
|
||||
"type": "application/atom+xml",
|
||||
"href": ""
|
||||
},
|
||||
{
|
||||
"rel": "salmon",
|
||||
"href": "https://bad.com/salmon/friendica"
|
||||
},
|
||||
{
|
||||
"rel": "http://microformats.org/profile/hcard",
|
||||
"type": "text/html",
|
||||
"href": "https://bad.com/hcard/friendica"
|
||||
},
|
||||
{
|
||||
"rel": "http://joindiaspora.com/seed_location",
|
||||
"type": "text/html",
|
||||
"href": "https://bad.com"
|
||||
}
|
||||
]
|
||||
}
|
|
@ -190,4 +190,20 @@ defmodule Pleroma.Web.WebFingerTest do
|
|||
end
|
||||
|
||||
end
|
||||
|
||||
@tag capture_log: true
|
||||
test "prevents forgeries" do
|
||||
Tesla.Mock.mock(fn
|
||||
%{url: "https://bad.com/.well-known/webfinger?resource=acct:meanie@bad.com"} ->
|
||||
fake_webfinger =
|
||||
File.read!("test/fixtures/webfinger/imposter-webfinger.json") |> Jason.decode!()
|
||||
|
||||
Tesla.Mock.json(fake_webfinger)
|
||||
|
||||
%{url: "https://bad.com/.well-known/host-meta"} ->
|
||||
{:ok, %Tesla.Env{status: 404}}
|
||||
end)
|
||||
|
||||
assert {:error, {:webfinger_invalid, _, _}} = WebFinger.finger("meanie@bad.com")
|
||||
end
|
||||
end
|
||||
|
|
Loading…
Reference in a new issue