1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.MappedSignatureToIdentityPlugTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.Plugs.MappedSignatureToIdentityPlug
12 import Pleroma.Tests.Helpers, only: [clear_config: 2]
15 mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
19 defp set_signature(conn, key_id) do
21 |> put_req_header("signature", "keyId=\"#{key_id}\"")
22 |> assign(:valid_signature, true)
25 test "it successfully maps a valid identity with a valid signature" do
27 build_conn(:get, "/doesntmattter")
28 |> set_signature("http://mastodon.example.org/users/admin")
29 |> MappedSignatureToIdentityPlug.call(%{})
31 refute is_nil(conn.assigns.user)
34 test "it successfully maps a valid identity with a valid signature with payload" do
36 build_conn(:post, "/doesntmattter", %{"actor" => "http://mastodon.example.org/users/admin"})
37 |> set_signature("http://mastodon.example.org/users/admin")
38 |> MappedSignatureToIdentityPlug.call(%{})
40 refute is_nil(conn.assigns.user)
43 test "it considers a mapped identity to be invalid when it mismatches a payload" do
45 build_conn(:post, "/doesntmattter", %{"actor" => "http://mastodon.example.org/users/admin"})
46 |> set_signature("https://niu.moe/users/rye")
47 |> MappedSignatureToIdentityPlug.call(%{})
49 assert %{valid_signature: false} == conn.assigns
52 test "it considers a mapped identity to be invalid when the associated instance is blocked" do
53 clear_config([:activitypub, :authorized_fetch_mode], true)
55 clear_config([:mrf_simple, :reject], [
56 {"mastodon.example.org", "anime is banned"}
60 Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
61 Pleroma.Config.put([:mrf_simple, :reject], [])
65 build_conn(:post, "/doesntmattter", %{"actor" => "http://mastodon.example.org/users/admin"})
66 |> set_signature("http://mastodon.example.org/users/admin")
67 |> MappedSignatureToIdentityPlug.call(%{})
69 assert %{valid_signature: false} == conn.assigns
72 test "allowlist federation: it considers a mapped identity to be valid when the associated instance is allowed" do
73 clear_config([:activitypub, :authorized_fetch_mode], true)
75 clear_config([:mrf_simple, :accept], [
76 {"mastodon.example.org", "anime is allowed"}
80 Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
81 Pleroma.Config.put([:mrf_simple, :accept], [])
85 build_conn(:post, "/doesntmattter", %{"actor" => "http://mastodon.example.org/users/admin"})
86 |> set_signature("http://mastodon.example.org/users/admin")
87 |> MappedSignatureToIdentityPlug.call(%{})
89 assert conn.assigns[:valid_signature]
90 refute is_nil(conn.assigns.user)
93 test "allowlist federation: it considers a mapped identity to be invalid when the associated instance is not allowed" do
94 clear_config([:activitypub, :authorized_fetch_mode], true)
96 clear_config([:mrf_simple, :accept], [
97 {"misskey.example.org", "anime is allowed"}
101 Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
102 Pleroma.Config.put([:mrf_simple, :accept], [])
106 build_conn(:post, "/doesntmattter", %{"actor" => "http://mastodon.example.org/users/admin"})
107 |> set_signature("http://mastodon.example.org/users/admin")
108 |> MappedSignatureToIdentityPlug.call(%{})
110 assert %{valid_signature: false} == conn.assigns
113 @tag skip: "known breakage; the testsuite presently depends on it"
114 test "it considers a mapped identity to be invalid when the identity cannot be found" do
116 build_conn(:post, "/doesntmattter", %{"actor" => "http://mastodon.example.org/users/admin"})
117 |> set_signature("http://niu.moe/users/rye")
118 |> MappedSignatureToIdentityPlug.call(%{})
120 assert %{valid_signature: false} == conn.assigns
projects / akkoma / blob