1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.Plugs.HTTPSignaturePlug
12 test "it call HTTPSignatures to check validity if the actor sighed it" do
13 params = %{"actor" => "http://mastodon.example.org/users/admin"}
14 conn = build_conn(:get, "/doesntmattter", params)
16 with_mock HTTPSignatures, validate_conn: fn _ -> true end do
21 "keyId=\"http://mastodon.example.org/users/admin#main-key"
23 |> HTTPSignaturePlug.call(%{})
25 assert conn.assigns.valid_signature == true
26 assert conn.halted == false
27 assert called(HTTPSignatures.validate_conn(:_))
31 describe "requires a signature when `authorized_fetch_mode` is enabled" do
33 Pleroma.Config.put([:activitypub, :authorized_fetch_mode], true)
36 Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
39 params = %{"actor" => "http://mastodon.example.org/users/admin"}
40 conn = build_conn(:get, "/doesntmattter", params)
45 test "when signature header is present", %{conn: conn} do
46 with_mock HTTPSignatures, validate_conn: fn _ -> false end do
51 "keyId=\"http://mastodon.example.org/users/admin#main-key"
53 |> HTTPSignaturePlug.call(%{})
55 assert conn.assigns.valid_signature == false
56 assert conn.halted == true
57 assert conn.status == 401
58 assert conn.state == :sent
59 assert conn.resp_body == "Request not signed"
60 assert called(HTTPSignatures.validate_conn(:_))
63 with_mock HTTPSignatures, validate_conn: fn _ -> true end do
68 "keyId=\"http://mastodon.example.org/users/admin#main-key"
70 |> HTTPSignaturePlug.call(%{})
72 assert conn.assigns.valid_signature == true
73 assert conn.halted == false
74 assert called(HTTPSignatures.validate_conn(:_))
78 test "halts the connection when `signature` header is not present", %{conn: conn} do
79 conn = HTTPSignaturePlug.call(conn, %{})
80 assert conn.assigns[:valid_signature] == nil
81 assert conn.halted == true
82 assert conn.status == 401
83 assert conn.state == :sent
84 assert conn.resp_body == "Request not signed"