Merge remote-tracking branch 'origin/develop' into fix-attachment-dimensions
[akkoma] / test / pleroma / web / plugs / http_signature_plug_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.Plugs.HTTPSignaturePlug
8
9 import Plug.Conn
10 import Phoenix.Controller, only: [put_format: 2]
11 import Mock
12
13 test "it call HTTPSignatures to check validity if the actor sighed it" do
14 params = %{"actor" => "http://mastodon.example.org/users/admin"}
15 conn = build_conn(:get, "/doesntmattter", params)
16
17 with_mock HTTPSignatures, validate_conn: fn _ -> true end do
18 conn =
19 conn
20 |> put_req_header(
21 "signature",
22 "keyId=\"http://mastodon.example.org/users/admin#main-key"
23 )
24 |> put_format("activity+json")
25 |> HTTPSignaturePlug.call(%{})
26
27 assert conn.assigns.valid_signature == true
28 assert conn.halted == false
29 assert called(HTTPSignatures.validate_conn(:_))
30 end
31 end
32
33 describe "requires a signature when `authorized_fetch_mode` is enabled" do
34 setup do
35 clear_config([:activitypub, :authorized_fetch_mode], true)
36
37 params = %{"actor" => "http://mastodon.example.org/users/admin"}
38 conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
39
40 [conn: conn]
41 end
42
43 test "when signature header is present", %{conn: conn} do
44 with_mock HTTPSignatures, validate_conn: fn _ -> false end do
45 conn =
46 conn
47 |> put_req_header(
48 "signature",
49 "keyId=\"http://mastodon.example.org/users/admin#main-key"
50 )
51 |> HTTPSignaturePlug.call(%{})
52
53 assert conn.assigns.valid_signature == false
54 assert conn.halted == true
55 assert conn.status == 401
56 assert conn.state == :sent
57 assert conn.resp_body == "Request not signed"
58 assert called(HTTPSignatures.validate_conn(:_))
59 end
60
61 with_mock HTTPSignatures, validate_conn: fn _ -> true end do
62 conn =
63 conn
64 |> put_req_header(
65 "signature",
66 "keyId=\"http://mastodon.example.org/users/admin#main-key"
67 )
68 |> HTTPSignaturePlug.call(%{})
69
70 assert conn.assigns.valid_signature == true
71 assert conn.halted == false
72 assert called(HTTPSignatures.validate_conn(:_))
73 end
74 end
75
76 test "halts the connection when `signature` header is not present", %{conn: conn} do
77 conn = HTTPSignaturePlug.call(conn, %{})
78 assert conn.assigns[:valid_signature] == nil
79 assert conn.halted == true
80 assert conn.status == 401
81 assert conn.state == :sent
82 assert conn.resp_body == "Request not signed"
83 end
84 end
85 end