logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma git clone https://hacktivis.me/git/pleroma.git

http_signature_plug_test.exs (2775B)

    

  1. # Pleroma: A lightweight social networking server
  2. # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
  3. # SPDX-License-Identifier: AGPL-3.0-only
  5. defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
  6.   use Pleroma.Web.ConnCase
  7.   alias Pleroma.Web.Plugs.HTTPSignaturePlug
  9.   import Plug.Conn
  10.   import Phoenix.Controller, only: [put_format: 2]
  11.   import Mock
  13.   test "it call HTTPSignatures to check validity if the actor sighed it" do
  14.     params = %{"actor" => "http://mastodon.example.org/users/admin"}
  15.     conn = build_conn(:get, "/doesntmattter", params)
  17.     with_mock HTTPSignatures, validate_conn: fn _ -> true end do
  18.       conn =
  19.         conn
  20.         |> put_req_header(
  21.           "signature",
  22.           "keyId=\"http://mastodon.example.org/users/admin#main-key"
  23.         )
  24.         |> put_format("activity+json")
  25.         |> HTTPSignaturePlug.call(%{})
  27.       assert conn.assigns.valid_signature == true
  28.       assert conn.halted == false
  29.       assert called(HTTPSignatures.validate_conn(:_))
  30.     end
  31.   end
  33.   describe "requires a signature when `authorized_fetch_mode` is enabled" do
  34.     setup do
  35.       clear_config([:activitypub, :authorized_fetch_mode], true)
  37.       params = %{"actor" => "http://mastodon.example.org/users/admin"}
  38.       conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
  40.       [conn: conn]
  41.     end
  43.     test "when signature header is present", %{conn: conn} do
  44.       with_mock HTTPSignatures, validate_conn: fn _ -> false end do
  45.         conn =
  46.           conn
  47.           |> put_req_header(
  48.             "signature",
  49.             "keyId=\"http://mastodon.example.org/users/admin#main-key"
  50.           )
  51.           |> HTTPSignaturePlug.call(%{})
  53.         assert conn.assigns.valid_signature == false
  54.         assert conn.halted == true
  55.         assert conn.status == 401
  56.         assert conn.state == :sent
  57.         assert conn.resp_body == "Request not signed"
  58.         assert called(HTTPSignatures.validate_conn(:_))
  59.       end
  61.       with_mock HTTPSignatures, validate_conn: fn _ -> true end do
  62.         conn =
  63.           conn
  64.           |> put_req_header(
  65.             "signature",
  66.             "keyId=\"http://mastodon.example.org/users/admin#main-key"
  67.           )
  68.           |> HTTPSignaturePlug.call(%{})
  70.         assert conn.assigns.valid_signature == true
  71.         assert conn.halted == false
  72.         assert called(HTTPSignatures.validate_conn(:_))
  73.       end
  74.     end
  76.     test "halts the connection when `signature` header is not present", %{conn: conn} do
  77.       conn = HTTPSignaturePlug.call(conn, %{})
  78.       assert conn.assigns[:valid_signature] == nil
  79.       assert conn.halted == true
  80.       assert conn.status == 401
  81.       assert conn.state == :sent
  82.       assert conn.resp_body == "Request not signed"
  83.     end
  84.   end
  85. end