git.squeep.com Git - akkoma/blob - test/plugs/http_signature_plug_test.exs

   1 defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
   2   use Pleroma.Web.ConnCase
   3   alias Pleroma.Web.HTTPSignatures
   4   alias Pleroma.Web.Plugs.HTTPSignaturePlug
   5
   6   import Plug.Conn
   7   import Mock
   8
   9   test "it call HTTPSignatures to check validity if the actor sighed it" do
  10     params = %{"actor" => "http://mastodon.example.org/users/admin"}
  11     conn = build_conn(:get, "/doesntmattter", params)
  12
  13     with_mock HTTPSignatures, validate_conn: fn _ -> true end do
  14       conn =
  15         conn
  16         |> put_req_header(
  17           "signature",
  18           "keyId=\"http://mastodon.example.org/users/admin#main-key"
  19         )
  20         |> HTTPSignaturePlug.call(%{})
  21
  22       assert conn.assigns.valid_signature == true
  23       assert called(HTTPSignatures.validate_conn(:_))
  24     end
  25   end
  26
  27   test "bails out early if the signature isn't by the activity actor" do
  28     params = %{"actor" => "https://mst3k.interlinked.me/users/luciferMysticus"}
  29     conn = build_conn(:get, "/doesntmattter", params)
  30
  31     with_mock HTTPSignatures, validate_conn: fn _ -> false end do
  32       conn =
  33         conn
  34         |> put_req_header(
  35           "signature",
  36           "keyId=\"http://mastodon.example.org/users/admin#main-key"
  37         )
  38         |> HTTPSignaturePlug.call(%{})
  39
  40       assert conn.assigns.valid_signature == false
  41       refute called(HTTPSignatures.validate_conn(:_))
  42     end
  43   end
  44 end