02e8b309202524bfca150e318b9877d4e0423ce5
[akkoma] / test / pleroma / web / plugs / http_signature_plug_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
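defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
  # Covers how HTTPSignaturePlug reacts to the verdict of
  # HTTPSignatures.validate_conn/1. The verifier is mocked in every test that
  # sends a signature header, so these tests pin the plug's control flow
  # (assigns, halting, 401 response) and not the cryptographic check itself.
  use Pleroma.Web.ConnCase
  import Pleroma.Factory
  alias Pleroma.Web.Plugs.HTTPSignaturePlug

  import Plug.Conn
  import Phoenix.Controller, only: [put_format: 2]
  import Mock

  # Header value shared by the tests below, kept exactly as the tests have
  # always sent it.
  # NOTE(review): the quoted keyId is never closed. That is harmless only as
  # long as validate_conn/1 stays mocked; a test that runs the real verifier
  # would need a well-formed header. Confirm the plug itself does not parse it.
  @signature_header "keyId=\"http://mastodon.example.org/users/admin#main-key"

  test "it calls HTTPSignatures to check validity if the actor signed it" do
    params = %{"actor" => "http://mastodon.example.org/users/admin"}
    conn = build_conn(:get, "/doesntmattter", params)

    with_mock HTTPSignatures, validate_conn: fn _ -> true end do
      conn =
        conn
        |> put_req_header("signature", @signature_header)
        |> put_format("activity+json")
        |> HTTPSignaturePlug.call(%{})

      assert conn.assigns.valid_signature == true
      assert conn.halted == false
      # The plug must delegate to the verifier rather than trust the header.
      assert called(HTTPSignatures.validate_conn(:_))
    end
  end

  describe "requires a signature when `authorized_fetch_mode` is enabled" do
    setup do
      clear_config([:activitypub, :authorized_fetch_mode], true)

      params = %{"actor" => "http://mastodon.example.org/users/admin"}
      conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")

      [conn: conn]
    end

    # The rejecting and accepting verdicts are separate tests so that a failure
    # in one does not hide the result of the other.
    test "rejects the request when the signature header is present but invalid", %{conn: conn} do
      with_mock HTTPSignatures, validate_conn: fn _ -> false end do
        conn =
          conn
          |> put_req_header("signature", @signature_header)
          |> HTTPSignaturePlug.call(%{})

        assert conn.assigns.valid_signature == false
        # Fail closed: the response is sent and the pipeline stops here.
        assert conn.halted == true
        assert conn.status == 401
        assert conn.state == :sent
        # Same body as for a missing header (see the test further down).
        assert conn.resp_body == "Request not signed"
        assert called(HTTPSignatures.validate_conn(:_))
      end
    end

    test "lets the request through when the signature header is present and valid", %{conn: conn} do
      with_mock HTTPSignatures, validate_conn: fn _ -> true end do
        conn =
          conn
          |> put_req_header("signature", @signature_header)
          |> HTTPSignaturePlug.call(%{})

        assert conn.assigns.valid_signature == true
        assert conn.halted == false
        assert called(HTTPSignatures.validate_conn(:_))
      end
    end

    test "halts the connection when `signature` header is not present", %{conn: conn} do
      conn = HTTPSignaturePlug.call(conn, %{})
      # No verdict is recorded at all when there was nothing to verify.
      assert conn.assigns[:valid_signature] == nil
      assert conn.halted == true
      assert conn.status == 401
      assert conn.state == :sent
      assert conn.resp_body == "Request not signed"
    end

    test "aliases redirected /object endpoints", _ do
      obj = insert(:note)
      act = insert(:note_activity, note: obj)
      params = %{"actor" => "http://mastodon.example.org/users/admin"}
      # Request the note by the path component of its object id.
      path = URI.parse(obj.data["id"]).path
      conn = build_conn(:get, path, params)
      # route_aliases/1 is expected to list the /notice/:id path of the
      # activity wrapping that note.
      # NOTE(review): presumably the alias lets a signature computed over the
      # other path still validate; confirm against the plug.
      assert ["/notice/#{act.id}"] == HTTPSignaturePlug.route_aliases(conn)
    end
  end
end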