X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=test%2Fpleroma%2Fweb%2Fplugs%2Fhttp_signature_plug_test.exs;h=34d0dc00e2461947ade2ec02c3c605b03109142a;hb=03a00d005a74c1f74f403ca31dff0b3eee20d386;hp=e6cbde8031d23a1546cdd0e8d3ae657d82b00eaa;hpb=64553ebae2f415b309df5f6b1c13b9972bc65aaa;p=akkoma
diff --git a/test/pleroma/web/plugs/http_signature_plug_test.exs b/test/pleroma/web/plugs/http_signature_plug_test.exs
index e6cbde803..34d0dc00e 100644
--- a/test/pleroma/web/plugs/http_signature_plug_test.exs
+++ b/test/pleroma/web/plugs/http_signature_plug_test.exs
@@ -1,42 +1,95 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors
+# Copyright © 2017-2022 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
- use Pleroma.Web.ConnCase
+ use Pleroma.Web.ConnCase, async: false
+ import Pleroma.Factory
alias Pleroma.Web.Plugs.HTTPSignaturePlug
+ alias Pleroma.Instances.Instance
+ alias Pleroma.Repo
import Plug.Conn
import Phoenix.Controller, only: [put_format: 2]
import Mock
- test "it call HTTPSignatures to check validity if the actor sighed it" do
+ setup_with_mocks([
+ {HTTPSignatures, [],
+ [
+ signature_for_conn: fn _ ->
+ %{"keyId" => "http://mastodon.example.org/users/admin#main-key"}
+ end,
+ validate_conn: fn conn ->
+ Map.get(conn.assigns, :valid_signature, true)
+ end
+ ]}
+ ]) do
+ :ok
+ end
+
+ defp submit_to_plug(host), do: submit_to_plug(host, :get, "/doesntmattter")
+
+ defp submit_to_plug(host, method, path) do
+ params = %{"actor" => "http://#{host}/users/admin"}
+
+ build_conn(method, path, params)
+ |> put_req_header(
+ "signature",
+ "keyId=\"http://#{host}/users/admin#main-key"
+ )
+ |> put_format("activity+json")
+ |> HTTPSignaturePlug.call(%{})
+ end
+
+ test "it call HTTPSignatures to check validity if the actor signed it" do
params = %{"actor" => "http://mastodon.example.org/users/admin"}
conn = build_conn(:get, "/doesntmattter", params)
- with_mock HTTPSignatures, validate_conn: fn _ -> true end do
- conn =
- conn
- |> put_req_header(
- "signature",
- "keyId=\"http://mastodon.example.org/users/admin#main-key"
- )
- |> put_format("activity+json")
- |> HTTPSignaturePlug.call(%{})
+ conn =
+ conn
+ |> put_req_header(
+ "signature",
+ "keyId=\"http://mastodon.example.org/users/admin#main-key"
+ )
+ |> put_format("activity+json")
+ |> HTTPSignaturePlug.call(%{})
- assert conn.assigns.valid_signature == true
- assert conn.halted == false
- assert called(HTTPSignatures.validate_conn(:_))
- end
+ assert conn.assigns.valid_signature == true
+ assert conn.assigns.signature_actor_id == params["actor"]
+ assert conn.halted == false
+ assert called(HTTPSignatures.validate_conn(:_))
+ end
+
+ test "it sets request signatures property on the instance" do
+ host = "mastodon.example.org"
+ conn = submit_to_plug(host)
+ assert conn.assigns.valid_signature == true
+ instance = Repo.get_by(Instance, %{host: host})
+ assert instance.has_request_signatures
+ end
+
+ test "it does not set request signatures property on the instance when using inbox" do
+ host = "mastodon.example.org"
+ conn = submit_to_plug(host, :post, "/inbox")
+ assert conn.assigns.valid_signature == true
+
+ # we don't even create the instance entry if its just POST /inbox
+ refute Repo.get_by(Instance, %{host: host})
+ end
+
+ test "it does not set request signatures property on the instance when its cached" do
+ host = "mastodon.example.org"
+ Cachex.put(:request_signatures_cache, host, true)
+ conn = submit_to_plug(host)
+ assert conn.assigns.valid_signature == true
+
+ # we don't even create the instance entry if it was already done
+ refute Repo.get_by(Instance, %{host: host})
end
describe "requires a signature when `authorized_fetch_mode` is enabled" do
setup do
- Pleroma.Config.put([:activitypub, :authorized_fetch_mode], true)
-
- on_exit(fn ->
- Pleroma.Config.put([:activitypub, :authorized_fetch_mode], false)
- end)
+ clear_config([:activitypub, :authorized_fetch_mode], true)
params = %{"actor" => "http://mastodon.example.org/users/admin"}
conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
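Review bot: The new assertion `assert conn.assigns.signature_actor_id == params["actor"]` cannot tell where the plug takes the actor id from, because the mocked `signature_for_conn` keyId and the `actor` request parameter name the same user. The parameter is supplied by the requester, so the test should pin that `signature_actor_id` follows the signing key. A case where the two differ would do that; the expected value in the sketch below assumes the plug derives the id from the keyId, which this hunk does not show. The instance tests also cover only the valid path, so a case with `assign(:valid_signature, false)` followed by `refute Repo.get_by(Instance, %{host: host})` would pin whether an unverified signature can mark a host as having request signatures.

```elixir
test "it takes signature_actor_id from the signing key, not the actor param" do
  # constructed value: an actor param that differs from the owner of the mocked keyId
  params = %{"actor" => "http://other.example.org/users/someone"}

  conn =
    build_conn(:get, "/doesntmattter", params)
    |> put_req_header(
      "signature",
      "keyId=\"http://mastodon.example.org/users/admin#main-key"
    )
    |> put_format("activity+json")
    |> HTTPSignaturePlug.call(%{})

  # assumed derivation: keyId with the fragment removed (confirm against the plug)
  assert conn.assigns.signature_actor_id == "http://mastodon.example.org/users/admin"
end
```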
@@ -44,46 +97,47 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
[conn: conn]
end
- test "when signature header is present", %{conn: conn} do
- with_mock HTTPSignatures, validate_conn: fn _ -> false end do
- conn =
- conn
- |> put_req_header(
- "signature",
- "keyId=\"http://mastodon.example.org/users/admin#main-key"
- )
- |> HTTPSignaturePlug.call(%{})
-
- assert conn.assigns.valid_signature == false
- assert conn.halted == true
- assert conn.status == 401
- assert conn.state == :sent
- assert conn.resp_body == "Request not signed"
- assert called(HTTPSignatures.validate_conn(:_))
- end
-
- with_mock HTTPSignatures, validate_conn: fn _ -> true end do
- conn =
- conn
- |> put_req_header(
- "signature",
- "keyId=\"http://mastodon.example.org/users/admin#main-key"
- )
- |> HTTPSignaturePlug.call(%{})
-
- assert conn.assigns.valid_signature == true
- assert conn.halted == false
- assert called(HTTPSignatures.validate_conn(:_))
- end
+ test "and signature is present and incorrect", %{conn: conn} do
+ conn =
+ conn
+ |> assign(:valid_signature, false)
+ |> put_req_header(
+ "signature",
+ "keyId=\"http://mastodon.example.org/users/admin#main-key"
+ )
+ |> HTTPSignaturePlug.call(%{})
+
+ assert conn.assigns.valid_signature == false
+ assert called(HTTPSignatures.validate_conn(:_))
+ end
+
+ test "and signature is correct", %{conn: conn} do
+ conn =
+ conn
+ |> put_req_header(
+ "signature",
+ "keyId=\"http://mastodon.example.org/users/admin#main-key"
+ )
+ |> HTTPSignaturePlug.call(%{})
+
+ assert conn.assigns.valid_signature == true
+ assert called(HTTPSignatures.validate_conn(:_))
end
- test "halts the connection when `signature` header is not present", %{conn: conn} do
+ test "and halts the connection when `signature` header is not present", %{conn: conn} do
conn = HTTPSignaturePlug.call(conn, %{})
assert conn.assigns[:valid_signature] == nil
- assert conn.halted == true
- assert conn.status == 401
- assert conn.state == :sent
- assert conn.resp_body == "Request not signed"
end
end
+
+ test "aliases redirected /object endpoints", _ do
+ obj = insert(:note)
+ act = insert(:note_activity, note: obj)
+ params = %{"actor" => "someparam"}
+ path = URI.parse(obj.data["id"]).path
+ conn = build_conn(:get, path, params)
+
+ assert ["/notice/#{act.id}", "/notice/#{act.id}?actor=someparam"] ==
+ HTTPSignaturePlug.route_aliases(conn)
+ end
end
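Review bot: The test still titled "and halts the connection when `signature` header is not present" no longer asserts anything about halting. With the `conn.halted`, `conn.status == 401` and `conn.resp_body` assertions removed, it only checks that `valid_signature` is nil. The same applies to "and signature is present and incorrect", so nothing in this file now pins that an unsigned or badly signed request is rejected when `authorized_fetch_mode` is enabled. If rejection has moved to a later plug (not visible in this diff), rename the test and state the contract with `refute conn.halted` plus a comment naming where the 401 is produced. Otherwise restore `assert conn.halted == true` and `assert conn.status == 401`.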