From dc1d8e13b483d6e5df4ea6432aa3e37971bb3fb1 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Sat, 17 Nov 2018 20:20:45 +0000
Subject: [PATCH] tests: add a testcase for user collision

---
 test/support/httpoison_mock.ex                |  8 ++++++++
 test/web/activity_pub/transmogrifier_test.exs | 12 ++++++++++++
 2 files changed, 20 insertions(+)

diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex
index ebd1e9c4d..e3310bb5d 100644
--- a/test/support/httpoison_mock.ex
+++ b/test/support/httpoison_mock.ex
@@ -756,6 +756,14 @@ def get("https://niu.moe/users/rye", [Accept: "application/activity+json"], _) d
      }}
   end
 
+  def get("https://n1u.moe/users/rye", [Accept: "application/activity+json"], _) do
+    {:ok,
+     %Response{
+       status_code: 200,
+       body: File.read!("test/fixtures/httpoison_mock/rye.json")
+     }}
+  end
+
   def get(
         "https://mst3k.interlinked.me/users/luciferMysticus",
         [Accept: "application/activity+json"],
diff --git a/test/web/activity_pub/transmogrifier_test.exs b/test/web/activity_pub/transmogrifier_test.exs
index b8adf3b8a..f8a82dd5b 100644
--- a/test/web/activity_pub/transmogrifier_test.exs
+++ b/test/web/activity_pub/transmogrifier_test.exs
@@ -955,5 +955,17 @@ test "contain_origin_from_id() allows matching IDs" do
           data
         )
     end
+
+    test "users cannot be collided through fake direction spoofing attempts" do
+      user =
+        insert(:user, %{
+          nickname: "rye@niu.moe",
+          local: false,
+          ap_id: "https://niu.moe/users/rye",
+          follower_address: User.ap_followers(%User{nickname: "rye@niu.moe"})
+        })
+
+      {:error, _} = User.get_or_fetch_by_ap_id("https://n1u.moe/users/rye")
+    end
   end
 end