

# frozen_string_literal: true

require 'rails_helper'

# Exercises the SignatureVerification concern through an anonymous controller.
# A request whose headers were produced by Request#on_behalf_of must be
# recognised as signed and attributed to the signing account, while a mismatch
# in path, HTTP method or body must leave signed_request_account nil.
describe ApplicationController, type: :controller do
  controller do
    include SignatureVerification

    def success
      head 200
    end

    # Defined but not routed in the `before` block below; no example
    # currently references it.
    def alternative_success
      head 200
    end
  end

  before do
    routes.draw { match via: %i[get post], 'success' => 'anonymous#success' }
  end

  # Expectations common to every request that carries a valid signature for
  # its own verb and URL. `mismatched_verb` is the verb the signature was NOT
  # produced for; re-issuing the request with it must break attribution.
  shared_examples 'a correctly signed request' do |mismatched_verb|
    describe '#signed_request?' do
      it 'returns true' do
        expect(controller.signed_request?).to be(true)
      end
    end

    describe '#signed_request_account' do
      it 'returns an account' do
        expect(controller.signed_request_account).to eq(author)
      end

      it 'returns nil when path does not match' do
        request.path = '/alternative-path'
        expect(controller.signed_request_account).to be_nil
      end

      it 'returns nil when method does not match' do
        # Same action, other verb, while the previously signed headers remain.
        public_send(mismatched_verb, :success)
        expect(controller.signed_request_account).to be_nil
      end
    end
  end

  context 'without signature header' do
    before { get :success }

    describe '#signed_request?' do
      it 'returns false' do
        expect(controller.signed_request?).to be(false)
      end
    end

    describe '#signed_request_account' do
      it 'returns nil' do
        expect(controller.signed_request_account).to be_nil
      end
    end
  end

  context 'with signature header' do
    let!(:author) { Fabricate(:account) }

    # Signs `outgoing` on behalf of the fabricated author and copies the
    # resulting headers onto the request currently under test.
    def sign_current_request(outgoing)
      outgoing.on_behalf_of(author)
      request.headers.merge!(outgoing.headers)
    end

    context 'without body' do
      before do
        get :success
        sign_current_request(Request.new(:get, request.url))
      end

      it_behaves_like 'a correctly signed request', :post
    end

    context 'with body' do
      before do
        post :success, body: 'Hello world'
        sign_current_request(Request.new(:post, request.url, body: 'Hello world'))
      end

      it_behaves_like 'a correctly signed request', :get

      describe '#signed_request_account' do
        it 'returns nil when body has been tampered' do
          # Replace the raw body after signing: a body that no longer matches
          # what was signed must not be attributed to the author.
          request.headers['RAW_POST_DATA'] = 'doo doo doo'
          expect(controller.signed_request_account).to be_nil
        end
      end
    end
  end
end