git.squeep.com Git - akkoma/blob - test/plugs/http_signature_plug_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
   6   use Pleroma.Web.ConnCase
   7   alias Pleroma.Web.Plugs.HTTPSignaturePlug
   8
   9   import Plug.Conn
  10   import Mock
  11
  12   test "it call HTTPSignatures to check validity if the actor sighed it" do
  13     params = %{"actor" => "http://mastodon.example.org/users/admin"}
  14     conn = build_conn(:get, "/doesntmattter", params)
  15
  16     with_mock HTTPSignatures, validate_conn: fn _ -> true end do
  17       conn =
  18         conn
  19         |> put_req_header(
  20           "signature",
  21           "keyId=\"http://mastodon.example.org/users/admin#main-key"
  22         )
  23         |> HTTPSignaturePlug.call(%{})
  24
  25       assert conn.assigns.valid_signature == true
  26       assert called(HTTPSignatures.validate_conn(:_))
  27     end
  28   end
  29
  30   test "bails out early if the signature isn't by the activity actor" do
  31     params = %{"actor" => "https://mst3k.interlinked.me/users/luciferMysticus"}
  32     conn = build_conn(:get, "/doesntmattter", params)
  33
  34     with_mock HTTPSignatures, validate_conn: fn _ -> false end do
  35       conn =
  36         conn
  37         |> put_req_header(
  38           "signature",
  39           "keyId=\"http://mastodon.example.org/users/admin#main-key"
  40         )
  41         |> HTTPSignaturePlug.call(%{})
  42
  43       assert conn.assigns.valid_signature == false
  44       refute called(HTTPSignatures.validate_conn(:_))
  45     end
  46   end
  47 end