2018-12-23 20:11:29 +00:00
|
|
|
# Pleroma: A lightweight social networking server
|
2023-01-01 11:11:47 +00:00
|
|
|
# Copyright © 2017-2023 Pleroma Authors <https://pleroma.social/>
|
2018-12-23 20:11:29 +00:00
|
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
|
2018-04-02 11:13:14 +00:00
|
|
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
|
|
|
|
use Pleroma.Web.ConnCase
|
|
|
|
alias Pleroma.Web.Plugs.HTTPSignaturePlug
|
|
|
|
|
|
|
|
import Plug.Conn
|
2019-12-19 13:17:18 +00:00
|
|
|
import Phoenix.Controller, only: [put_format: 2]
|
2018-04-02 11:13:14 +00:00
|
|
|
import Mock
|
|
|
|
|
|
|
|
test "it call HTTPSignatures to check validity if the actor sighed it" do
|
|
|
|
params = %{"actor" => "http://mastodon.example.org/users/admin"}
|
|
|
|
conn = build_conn(:get, "/doesntmattter", params)
|
|
|
|
|
|
|
|
with_mock HTTPSignatures, validate_conn: fn _ -> true end do
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header(
|
|
|
|
"signature",
|
|
|
|
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
|
|
|
)
|
2019-12-19 13:17:18 +00:00
|
|
|
|> put_format("activity+json")
|
2018-04-02 11:13:14 +00:00
|
|
|
|> HTTPSignaturePlug.call(%{})
|
|
|
|
|
|
|
|
assert conn.assigns.valid_signature == true
|
2019-12-16 15:24:03 +00:00
|
|
|
assert conn.halted == false
|
2018-04-02 11:13:14 +00:00
|
|
|
assert called(HTTPSignatures.validate_conn(:_))
|
|
|
|
end
|
|
|
|
end
|
2019-12-16 15:24:03 +00:00
|
|
|
|
2019-12-16 18:39:59 +00:00
|
|
|
describe "requires a signature when `authorized_fetch_mode` is enabled" do
|
2019-12-16 15:24:03 +00:00
|
|
|
setup do
|
2021-01-26 17:58:43 +00:00
|
|
|
clear_config([:activitypub, :authorized_fetch_mode], true)
|
2019-12-16 15:24:03 +00:00
|
|
|
|
|
|
|
params = %{"actor" => "http://mastodon.example.org/users/admin"}
|
2019-12-19 13:17:18 +00:00
|
|
|
conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
|
2019-12-16 15:24:03 +00:00
|
|
|
|
|
|
|
[conn: conn]
|
|
|
|
end
|
|
|
|
|
|
|
|
test "when signature header is present", %{conn: conn} do
|
|
|
|
with_mock HTTPSignatures, validate_conn: fn _ -> false end do
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header(
|
|
|
|
"signature",
|
|
|
|
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
|
|
|
)
|
|
|
|
|> HTTPSignaturePlug.call(%{})
|
|
|
|
|
|
|
|
assert conn.assigns.valid_signature == false
|
|
|
|
assert conn.halted == true
|
|
|
|
assert conn.status == 401
|
|
|
|
assert conn.state == :sent
|
|
|
|
assert conn.resp_body == "Request not signed"
|
|
|
|
assert called(HTTPSignatures.validate_conn(:_))
|
|
|
|
end
|
|
|
|
|
|
|
|
with_mock HTTPSignatures, validate_conn: fn _ -> true end do
|
|
|
|
conn =
|
|
|
|
conn
|
|
|
|
|> put_req_header(
|
|
|
|
"signature",
|
|
|
|
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
|
|
|
)
|
|
|
|
|> HTTPSignaturePlug.call(%{})
|
|
|
|
|
|
|
|
assert conn.assigns.valid_signature == true
|
|
|
|
assert conn.halted == false
|
|
|
|
assert called(HTTPSignatures.validate_conn(:_))
|
|
|
|
end
|
|
|
|
end
|
|
|
|
|
|
|
|
test "halts the connection when `signature` header is not present", %{conn: conn} do
|
|
|
|
conn = HTTPSignaturePlug.call(conn, %{})
|
|
|
|
assert conn.assigns[:valid_signature] == nil
|
|
|
|
assert conn.halted == true
|
|
|
|
assert conn.status == 401
|
|
|
|
assert conn.state == :sent
|
|
|
|
assert conn.resp_body == "Request not signed"
|
|
|
|
end
|
|
|
|
end
|
2018-04-02 11:13:14 +00:00
|
|
|
end
|