git.squeep.com Git - akkoma/blob - test/plugs/http_signature_plug_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
   6   use Pleroma.Web.ConnCase
   7   alias Pleroma.Web.HTTPSignatures
   8   alias Pleroma.Web.Plugs.HTTPSignaturePlug
   9
  10   import Plug.Conn
  11   import Mock
  12
  13   test "it call HTTPSignatures to check validity if the actor sighed it" do
  14     params = %{"actor" => "http://mastodon.example.org/users/admin"}
  15     conn = build_conn(:get, "/doesntmattter", params)
  16
  17     with_mock HTTPSignatures, validate_conn: fn _ -> true end do
  18       conn =
  19         conn
  20         |> put_req_header(
  21           "signature",
  22           "keyId=\"http://mastodon.example.org/users/admin#main-key"
  23         )
  24         |> HTTPSignaturePlug.call(%{})
  25
  26       assert conn.assigns.valid_signature == true
  27       assert called(HTTPSignatures.validate_conn(:_))
  28     end
  29   end
  30
  31   test "bails out early if the signature isn't by the activity actor" do
  32     params = %{"actor" => "https://mst3k.interlinked.me/users/luciferMysticus"}
  33     conn = build_conn(:get, "/doesntmattter", params)
  34
  35     with_mock HTTPSignatures, validate_conn: fn _ -> false end do
  36       conn =
  37         conn
  38         |> put_req_header(
  39           "signature",
  40           "keyId=\"http://mastodon.example.org/users/admin#main-key"
  41         )
  42         |> HTTPSignaturePlug.call(%{})
  43
  44       assert conn.assigns.valid_signature == false
  45       refute called(HTTPSignatures.validate_conn(:_))
  46     end
  47   end
  48 end