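# Pleroma: A lightweight social networking server
# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only

defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
  # Exercises HTTPSignaturePlug.call/2 with HTTPSignatures.validate_conn/1 mocked.
  # These tests therefore pin how the plug reacts to the verifier's verdict
  # (the :valid_signature assign, halting, the 401 response); they do not cover
  # the signature verification itself.
  use Pleroma.Web.ConnCase
  alias Pleroma.Web.Plugs.HTTPSignaturePlug

  import Plug.Conn
  import Mock

  @actor "http://mastodon.example.org/users/admin"

  # NOTE(review): the keyId value has no closing quote, so this is not a well-formed
  # Signature header. It only works as a fixture because validate_conn/1 is mocked in
  # every test that sends it; confirm before reusing it against the real verifier.
  @signature_header "keyId=\"http://mastodon.example.org/users/admin#main-key"

  @fetch_mode_key [:activitypub, :authorized_fetch_mode]

  # Adds the fixture `signature` header and runs the plug under test.
  defp call_with_signature(conn) do
    conn
    |> put_req_header("signature", @signature_header)
    |> HTTPSignaturePlug.call(%{})
  end

  test "it calls HTTPSignatures to check validity if the actor signed it" do
    conn = build_conn(:get, "/doesntmattter", %{"actor" => @actor})

    with_mock HTTPSignatures, validate_conn: fn _ -> true end do
      conn = call_with_signature(conn)

      # Compare against the literal `true`: a merely truthy assign must not pass.
      assert conn.assigns.valid_signature == true
      assert conn.halted == false
      assert called(HTTPSignatures.validate_conn(:_))
    end
  end

  describe "requires a signature when `authorized_fetch_mode` is enabled" do
    setup do
      # Restore whatever value was configured before the test instead of forcing
      # `false`, so a non-default setting is not silently overwritten for later tests.
      previous = Pleroma.Config.get(@fetch_mode_key)
      Pleroma.Config.put(@fetch_mode_key, true)

      on_exit(fn ->
        Pleroma.Config.put(@fetch_mode_key, previous)
      end)

      [conn: build_conn(:get, "/doesntmattter", %{"actor" => @actor})]
    end

    test "halts with 401 when the signature header is present but invalid", %{conn: conn} do
      with_mock HTTPSignatures, validate_conn: fn _ -> false end do
        conn = call_with_signature(conn)

        assert conn.assigns.valid_signature == false
        assert conn.halted == true
        assert conn.status == 401
        assert conn.state == :sent
        # The same body is asserted for a missing header below: rejected and
        # unsigned requests get an identical response.
        assert conn.resp_body == "Request not signed"
        assert called(HTTPSignatures.validate_conn(:_))
      end
    end

    test "passes the connection through when the signature header is valid", %{conn: conn} do
      with_mock HTTPSignatures, validate_conn: fn _ -> true end do
        conn = call_with_signature(conn)

        assert conn.assigns.valid_signature == true
        assert conn.halted == false
        assert called(HTTPSignatures.validate_conn(:_))
      end
    end

    test "halts the connection when `signature` header is not present", %{conn: conn} do
      conn = HTTPSignaturePlug.call(conn, %{})

      # No verdict is recorded at all when there was nothing to verify.
      assert conn.assigns[:valid_signature] == nil
      assert conn.halted == true
      assert conn.status == 401
      assert conn.state == :sent
      assert conn.resp_body == "Request not signed"
    end
  end
end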