1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.Plugs.HTTPSignaturePlug
10 import Phoenix.Controller, only: [put_format: 2]
13 test "it call HTTPSignatures to check validity if the actor sighed it" do
14 params = %{"actor" => "http://mastodon.example.org/users/admin"}
15 conn = build_conn(:get, "/doesntmattter", params)
17 with_mock HTTPSignatures, validate_conn: fn _ -> true end do
22 "keyId=\"http://mastodon.example.org/users/admin#main-key"
24 |> put_format("activity+json")
25 |> HTTPSignaturePlug.call(%{})
27 assert conn.assigns.valid_signature == true
28 assert conn.halted == false
29 assert called(HTTPSignatures.validate_conn(:_))
33 describe "requires a signature when `authorized_fetch_mode` is enabled" do
35 Pleroma.Config.put([:activitypub, :authorized_fetch_mode], true)
38 Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
41 params = %{"actor" => "http://mastodon.example.org/users/admin"}
42 conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
47 test "when signature header is present", %{conn: conn} do
48 with_mock HTTPSignatures, validate_conn: fn _ -> false end do
53 "keyId=\"http://mastodon.example.org/users/admin#main-key"
55 |> HTTPSignaturePlug.call(%{})
57 assert conn.assigns.valid_signature == false
58 assert conn.halted == true
59 assert conn.status == 401
60 assert conn.state == :sent
61 assert conn.resp_body == "Request not signed"
62 assert called(HTTPSignatures.validate_conn(:_))
65 with_mock HTTPSignatures, validate_conn: fn _ -> true end do
70 "keyId=\"http://mastodon.example.org/users/admin#main-key"
72 |> HTTPSignaturePlug.call(%{})
74 assert conn.assigns.valid_signature == true
75 assert conn.halted == false
76 assert called(HTTPSignatures.validate_conn(:_))
80 test "halts the connection when `signature` header is not present", %{conn: conn} do
81 conn = HTTPSignaturePlug.call(conn, %{})
82 assert conn.assigns[:valid_signature] == nil
83 assert conn.halted == true
84 assert conn.status == 401
85 assert conn.state == :sent
86 assert conn.resp_body == "Request not signed"