mix tasks consistency
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
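defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
  # Tests for how HTTPSignaturePlug reacts to the outcome of signature validation.
  #
  # HTTPSignatures.validate_conn/1 is replaced with a stub in every test that sends
  # a `signature` header, so nothing here exercises real cryptographic verification.
  # What is pinned is the plug's own behaviour: the `:valid_signature` assign, whether
  # the connection is halted, and the 401 response sent when
  # `authorized_fetch_mode` is enabled.
  use Pleroma.Web.ConnCase
  alias Pleroma.Web.Plugs.HTTPSignaturePlug

  import Plug.Conn
  import Phoenix.Controller, only: [put_format: 2]
  import Mock

  # Header value shared by every signed request below. It is not a complete
  # signature header (unterminated quote, no signature parameters); the tests only
  # need the header to be present because the validator itself is stubbed.
  @signature_header "keyId=\"http://mastodon.example.org/users/admin#main-key"

  @fetch_mode_key [:activitypub, :authorized_fetch_mode]

  # Attaches the shared `signature` request header to the connection.
  defp put_signature_header(conn), do: put_req_header(conn, "signature", @signature_header)

  test "it calls HTTPSignatures to check validity if the actor signed it" do
    params = %{"actor" => "http://mastodon.example.org/users/admin"}
    conn = build_conn(:get, "/doesntmattter", params)

    with_mock HTTPSignatures, validate_conn: fn _ -> true end do
      conn =
        conn
        |> put_signature_header()
        |> put_format("activity+json")
        |> HTTPSignaturePlug.call(%{})

      assert conn.assigns.valid_signature == true
      assert conn.halted == false
      assert called(HTTPSignatures.validate_conn(:_))
    end
  end

  describe "requires a signature when `authorized_fetch_mode` is enabled" do
    setup do
      # Restore whatever was configured before instead of forcing `false`, so this
      # describe block cannot change the setting for tests that run after it.
      previous = Pleroma.Config.get(@fetch_mode_key)
      Pleroma.Config.put(@fetch_mode_key, true)

      on_exit(fn ->
        Pleroma.Config.put(@fetch_mode_key, previous)
      end)

      params = %{"actor" => "http://mastodon.example.org/users/admin"}
      conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")

      [conn: conn]
    end

    # The rejecting and accepting cases are separate tests so that a failure in one
    # is reported on its own and does not hide the result of the other.
    test "rejects the request when the signature header is present but invalid", %{conn: conn} do
      with_mock HTTPSignatures, validate_conn: fn _ -> false end do
        conn =
          conn
          |> put_signature_header()
          |> HTTPSignaturePlug.call(%{})

        assert conn.assigns.valid_signature == false
        assert conn.halted == true
        assert conn.status == 401
        assert conn.state == :sent
        # A present-but-invalid signature gets the same body as a missing one.
        assert conn.resp_body == "Request not signed"
        assert called(HTTPSignatures.validate_conn(:_))
      end
    end

    test "lets the request through when the signature header is present and valid", %{
      conn: conn
    } do
      with_mock HTTPSignatures, validate_conn: fn _ -> true end do
        conn =
          conn
          |> put_signature_header()
          |> HTTPSignaturePlug.call(%{})

        assert conn.assigns.valid_signature == true
        assert conn.halted == false
        assert called(HTTPSignatures.validate_conn(:_))
      end
    end

    test "halts the connection when `signature` header is not present", %{conn: conn} do
      conn = HTTPSignaturePlug.call(conn, %{})

      # No header means validation never ran, so the assign is absent, not false.
      assert conn.assigns[:valid_signature] == nil
      assert conn.halted == true
      assert conn.status == 401
      assert conn.state == :sent
      assert conn.resp_body == "Request not signed"
    end
  end
end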