kopia lustrzana https://gitlab.com/marnanel/chapeau
Require incoming messages to be application/activity+json or application/json
rodzic
b5a3aa1dbd
commit
2ee4b416a5
|
@ -284,7 +284,15 @@ class InboxView(django.views.View):
|
|||
|
||||
def post(self, request, name=None, *args, **kwargs):
|
||||
|
||||
# username is None for the shared inbox.
|
||||
# name is None for the shared inbox.
|
||||
|
||||
if request.META['CONTENT_TYPE'] not in [
|
||||
'application/activity+json',
|
||||
'application/json',
|
||||
]:
|
||||
return HttpResponse(
|
||||
status = 415, # unsupported media type
|
||||
)
|
||||
|
||||
capture = django_kepi.validation.IncomingMessage(
|
||||
date = request.META['HTTP_DATE'],
|
||||
|
|
|
@ -51,18 +51,31 @@ class TestInbox(TestCase):
|
|||
|
||||
@httpretty.activate
|
||||
def test_shared_post(self):
|
||||
self._post_to_inbox('/sharedInbox')
|
||||
self._post_to_inbox(INBOX_PATH)
|
||||
|
||||
@skip("broken; find out why")
|
||||
def test_non_json(self):
|
||||
|
||||
IncomingMessage.objects.all().delete()
|
||||
keys = json.load(open('tests/keys/keys-0001.json', 'r'))
|
||||
|
||||
body, headers = test_message_body_and_headers(
|
||||
f_actor = REMOTE_FRED,
|
||||
secret = keys['private'],
|
||||
)
|
||||
# we don't use the body it gives us
|
||||
|
||||
c = Client()
|
||||
|
||||
c.post('/sharedInbox',
|
||||
result = c.post(
|
||||
path = INBOX_PATH,
|
||||
content_type = 'text/plain',
|
||||
data = 'Hello',
|
||||
HTTP_DATE = headers['date'],
|
||||
HOST = headers['host'],
|
||||
HTTP_SIGNATURE = headers['signature'],
|
||||
)
|
||||
|
||||
self.assertEqual(
|
||||
result.status_code,
|
||||
415, # unsupported media type
|
||||
)
|
||||
|
||||
self.assertFalse(
|
||||
|
|
Ładowanie…
Reference in New Issue