resolve_account_service_spec.rb 9.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245
  1. # frozen_string_literal: true
  2. require 'rails_helper'
  3. RSpec.describe ResolveAccountService, type: :service do
  4. subject { described_class.new }
  5. before do
  6. stub_request(:get, 'https://example.com/.well-known/host-meta').to_return(status: 404)
  7. stub_request(:get, 'https://quitter.no/avatar/7477-300-20160211190340.png').to_return(request_fixture('avatar.txt'))
  8. stub_request(:get, 'https://ap.example.com/.well-known/webfinger?resource=acct:foo@ap.example.com').to_return(request_fixture('activitypub-webfinger.txt'))
  9. stub_request(:get, 'https://ap.example.com/users/foo').to_return(request_fixture('activitypub-actor.txt'))
  10. stub_request(:get, 'https://ap.example.com/users/foo.atom').to_return(request_fixture('activitypub-feed.txt'))
  11. stub_request(:get, %r{https://ap\.example\.com/users/foo/\w+}).to_return(status: 404)
  12. stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:hoge@example.com').to_return(status: 410)
  13. end
  14. context 'when using skip_webfinger' do
  15. context 'when account is known' do
  16. let!(:remote_account) { Fabricate(:account, username: 'foo', domain: 'ap.example.com', protocol: 'activitypub') }
  17. context 'when domain is banned' do
  18. let!(:domain_block) { Fabricate(:domain_block, domain: 'ap.example.com', severity: :suspend) }
  19. it 'does not return an account' do
  20. expect(subject.call('foo@ap.example.com', skip_webfinger: true)).to be_nil
  21. end
  22. it 'does not make a webfinger query' do
  23. subject.call('foo@ap.example.com', skip_webfinger: true)
  24. expect(a_request(:get, 'https://ap.example.com/.well-known/webfinger?resource=acct:foo@ap.example.com')).to_not have_been_made
  25. end
  26. end
  27. context 'when domain is not banned' do
  28. it 'returns the expected account' do
  29. expect(subject.call('foo@ap.example.com', skip_webfinger: true)).to eq remote_account
  30. end
  31. it 'does not make a webfinger query' do
  32. subject.call('foo@ap.example.com', skip_webfinger: true)
  33. expect(a_request(:get, 'https://ap.example.com/.well-known/webfinger?resource=acct:foo@ap.example.com')).to_not have_been_made
  34. end
  35. end
  36. end
  37. context 'when account is not known' do
  38. it 'does not return an account' do
  39. expect(subject.call('foo@ap.example.com', skip_webfinger: true)).to be_nil
  40. end
  41. it 'does not make a webfinger query' do
  42. subject.call('foo@ap.example.com', skip_webfinger: true)
  43. expect(a_request(:get, 'https://ap.example.com/.well-known/webfinger?resource=acct:foo@ap.example.com')).to_not have_been_made
  44. end
  45. end
  46. end
  47. context 'when there is an LRDD endpoint but no resolvable account' do
  48. before do
  49. stub_request(:get, 'https://quitter.no/.well-known/host-meta').to_return(request_fixture('.host-meta.txt'))
  50. stub_request(:get, 'https://quitter.no/.well-known/webfinger?resource=acct:catsrgr8@quitter.no').to_return(status: 404)
  51. end
  52. it 'returns nil' do
  53. expect(subject.call('catsrgr8@quitter.no')).to be_nil
  54. end
  55. end
  56. context 'when there is no LRDD endpoint nor resolvable account' do
  57. before do
  58. stub_request(:get, 'https://example.com/.well-known/webfinger?resource=acct:catsrgr8@example.com').to_return(status: 404)
  59. end
  60. it 'returns nil' do
  61. expect(subject.call('catsrgr8@example.com')).to be_nil
  62. end
  63. end
  64. context 'when webfinger returns http gone' do
  65. context 'with a previously known account' do
  66. before do
  67. Fabricate(:account, username: 'hoge', domain: 'example.com', last_webfingered_at: nil)
  68. allow(AccountDeletionWorker).to receive(:perform_async)
  69. end
  70. it 'returns nil' do
  71. expect(subject.call('hoge@example.com')).to be_nil
  72. end
  73. it 'queues account deletion worker' do
  74. subject.call('hoge@example.com')
  75. expect(AccountDeletionWorker).to have_received(:perform_async)
  76. end
  77. end
  78. context 'with a previously unknown account' do
  79. it 'returns nil' do
  80. expect(subject.call('hoge@example.com')).to be_nil
  81. end
  82. end
  83. end
  84. context 'with a legitimate webfinger redirection' do
  85. before do
  86. webfinger = { subject: 'acct:foo@ap.example.com', links: [{ rel: 'self', href: 'https://ap.example.com/users/foo', type: 'application/activity+json' }] }
  87. stub_request(:get, 'https://redirected.example.com/.well-known/webfinger?resource=acct:Foo@redirected.example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
  88. end
  89. it 'returns new remote account' do
  90. account = subject.call('Foo@redirected.example.com')
  91. expect(account.activitypub?).to be true
  92. expect(account.acct).to eq 'foo@ap.example.com'
  93. expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
  94. end
  95. end
  96. context 'with a misconfigured redirection' do
  97. before do
  98. webfinger = { subject: 'acct:Foo@redirected.example.com', links: [{ rel: 'self', href: 'https://ap.example.com/users/foo', type: 'application/activity+json' }] }
  99. stub_request(:get, 'https://redirected.example.com/.well-known/webfinger?resource=acct:Foo@redirected.example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
  100. end
  101. it 'returns new remote account' do
  102. account = subject.call('Foo@redirected.example.com')
  103. expect(account.activitypub?).to be true
  104. expect(account.acct).to eq 'foo@ap.example.com'
  105. expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
  106. end
  107. end
  108. context 'with too many webfinger redirections' do
  109. before do
  110. webfinger = { subject: 'acct:foo@evil.example.com', links: [{ rel: 'self', href: 'https://ap.example.com/users/foo', type: 'application/activity+json' }] }
  111. stub_request(:get, 'https://redirected.example.com/.well-known/webfinger?resource=acct:Foo@redirected.example.com').to_return(body: Oj.dump(webfinger), headers: { 'Content-Type': 'application/jrd+json' })
  112. webfinger2 = { subject: 'acct:foo@ap.example.com', links: [{ rel: 'self', href: 'https://ap.example.com/users/foo', type: 'application/activity+json' }] }
  113. stub_request(:get, 'https://evil.example.com/.well-known/webfinger?resource=acct:foo@evil.example.com').to_return(body: Oj.dump(webfinger2), headers: { 'Content-Type': 'application/jrd+json' })
  114. end
  115. it 'does not return a new remote account' do
  116. expect(subject.call('Foo@redirected.example.com')).to be_nil
  117. end
  118. end
  119. context 'with webfinger response subject missing a host value' do
  120. let(:body) { Oj.dump({ subject: 'user@' }) }
  121. let(:url) { 'https://host.example/.well-known/webfinger?resource=acct:user@host.example' }
  122. before do
  123. stub_request(:get, url).to_return(status: 200, body: body)
  124. end
  125. it 'returns nil with incomplete subject in response' do
  126. expect(subject.call('user@host.example')).to be_nil
  127. end
  128. end
  129. context 'with an ActivityPub account' do
  130. it 'returns new remote account' do
  131. account = subject.call('foo@ap.example.com')
  132. expect(account.activitypub?).to be true
  133. expect(account.domain).to eq 'ap.example.com'
  134. expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
  135. end
  136. context 'with multiple types' do
  137. before do
  138. stub_request(:get, 'https://ap.example.com/users/foo').to_return(request_fixture('activitypub-actor-individual.txt'))
  139. end
  140. it 'returns new remote account' do
  141. account = subject.call('foo@ap.example.com')
  142. expect(account.activitypub?).to be true
  143. expect(account.domain).to eq 'ap.example.com'
  144. expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
  145. expect(account.actor_type).to eq 'Person'
  146. end
  147. end
  148. end
  149. context 'with an already-known actor changing acct: URI' do
  150. let!(:duplicate) { Fabricate(:account, username: 'foo', domain: 'old.example.com', uri: 'https://ap.example.com/users/foo') }
  151. let!(:status) { Fabricate(:status, account: duplicate, text: 'foo') }
  152. it 'returns new remote account' do
  153. account = subject.call('foo@ap.example.com')
  154. expect(account.activitypub?).to be true
  155. expect(account.domain).to eq 'ap.example.com'
  156. expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
  157. expect(account.uri).to eq 'https://ap.example.com/users/foo'
  158. end
  159. it 'merges accounts' do
  160. account = subject.call('foo@ap.example.com')
  161. expect(status.reload.account_id).to eq account.id
  162. expect(Account.where(uri: account.uri).count).to eq 1
  163. end
  164. end
  165. context 'with an already-known acct: URI changing ActivityPub id' do
  166. let!(:old_account) { Fabricate(:account, username: 'foo', domain: 'ap.example.com', uri: 'https://old.example.com/users/foo', last_webfingered_at: nil) }
  167. let!(:status) { Fabricate(:status, account: old_account, text: 'foo') }
  168. it 'returns new remote account' do
  169. account = subject.call('foo@ap.example.com')
  170. expect(account.activitypub?).to be true
  171. expect(account.domain).to eq 'ap.example.com'
  172. expect(account.inbox_url).to eq 'https://ap.example.com/users/foo/inbox'
  173. expect(account.uri).to eq 'https://ap.example.com/users/foo'
  174. end
  175. end
  176. it 'processes one remote account at a time using locks' do
  177. wait_for_start = true
  178. fail_occurred = false
  179. return_values = Concurrent::Array.new
  180. threads = Array.new(5) do
  181. Thread.new do
  182. true while wait_for_start
  183. begin
  184. return_values << described_class.new.call('foo@ap.example.com')
  185. rescue ActiveRecord::RecordNotUnique
  186. fail_occurred = true
  187. ensure
  188. RedisConfiguration.pool.checkin if Thread.current[:redis]
  189. end
  190. end
  191. end
  192. wait_for_start = false
  193. threads.each(&:join)
  194. expect(fail_occurred).to be false
  195. expect(return_values).to_not include(nil)
  196. end
  197. end