1 # Akkoma: Magically expressive social media
2 # Copyright © 2022-2022 Akkoma Authors <https://akkoma.dev/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.EnsureHTTPSignaturePlugTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.Plugs.EnsureHTTPSignaturePlug
10 import Phoenix.Controller, only: [put_format: 2]
12 import Pleroma.Tests.Helpers, only: [clear_config: 2]
14 describe "requires a signature when `authorized_fetch_mode` is enabled" do
16 clear_config([:activitypub, :authorized_fetch_mode], true)
19 build_conn(:get, "/doesntmatter")
20 |> put_format("activity+json")
25 test "and signature has been set as invalid", %{conn: conn} do
28 |> assign(:valid_signature, false)
29 |> EnsureHTTPSignaturePlug.call(%{})
31 assert conn.halted == true
32 assert conn.status == 401
33 assert conn.state == :sent
34 assert conn.resp_body == "Request not signed"
37 test "and signature has been set as valid", %{conn: conn} do
40 |> assign(:valid_signature, true)
41 |> EnsureHTTPSignaturePlug.call(%{})
43 assert conn.halted == false
46 test "does nothing for non-ActivityPub content types", %{conn: conn} do
49 |> assign(:valid_signature, false)
51 |> EnsureHTTPSignaturePlug.call(%{})
53 assert conn.halted == false
57 test "does nothing on invalid signature when `authorized_fetch_mode` is disabled" do
58 clear_config([:activitypub, :authorized_fetch_mode], false)
61 build_conn(:get, "/doesntmatter")
62 |> put_format("activity+json")
63 |> assign(:valid_signature, false)
64 |> EnsureHTTPSignaturePlug.call(%{})
66 assert conn.halted == false