1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2022 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
6 use Pleroma.Web.ConnCase
7 alias Pleroma.Web.Plugs.HTTPSignaturePlug
10 import Phoenix.Controller, only: [put_format: 2]
# Wiring test for the plug's success path. HTTPSignatures.validate_conn is mocked to
# return true, so no signature is cryptographically verified here; the test pins that
# the plug consults the validator and records its verdict on the conn.
13 test "it call HTTPSignatures to check validity if the actor sighed it" do
14 params = %{"actor" => "http://mastodon.example.org/users/admin"}
15 conn = build_conn(:get, "/doesntmattter", params)
17 with_mock HTTPSignatures, validate_conn: fn _ -> true end do
# NOTE(review): this listing skips source lines 18-21 and 23. The string below is
# presumably the value of the `signature` request header - confirm in the full file.
# It is only a keyId fragment, which is tolerable solely because validation is mocked.
22 "keyId=\"http://mastodon.example.org/users/admin#main-key"
24 |> put_format("activity+json")
25 |> HTTPSignaturePlug.call(%{})
# A validator result of true must land in the assigns and must not halt the conn.
27 assert conn.assigns.valid_signature == true
28 assert conn.halted == false
# Guards against the plug setting valid_signature without asking the validator.
29 assert called(HTTPSignatures.validate_conn(:_))
# Cases for the mode in which a request must carry a signature to be served.
33 describe "requires a signature when `authorized_fetch_mode` is enabled" do
# Sets the [:activitypub, :authorized_fetch_mode] config value to true.
35 clear_config([:activitypub, :authorized_fetch_mode], true)
# Shared request: GET with an actor param, format set to activity+json.
# NOTE(review): the tests below receive %{conn: conn}, so this conn is presumably built
# in a setup block that returns it; source lines 34 and 39-41 are not in this listing - confirm.
37 params = %{"actor" => "http://mastodon.example.org/users/admin"}
38 conn = build_conn(:get, "/doesntmattter", params) |> put_format("activity+json")
# With the header present, the (mocked) validator's verdict decides the outcome:
# false must fail closed with a 401, true must let the request continue.
43 test "when signature header is present", %{conn: conn} do
44 with_mock HTTPSignatures, validate_conn: fn _ -> false end do
# NOTE(review): source lines 45-48 and 50 are missing from this listing; the string is
# presumably the `signature` header value - confirm in the full file.
49 "keyId=\"http://mastodon.example.org/users/admin#main-key"
51 |> HTTPSignaturePlug.call(%{})
# Rejected signature: the verdict is recorded, the conn is halted, and the 401 response
# has already been sent by the plug itself.
53 assert conn.assigns.valid_signature == false
54 assert conn.halted == true
55 assert conn.status == 401
56 assert conn.state == :sent
# Same body text as the missing-header test in this file asserts, so the response body
# does not tell a caller whether the signature was absent or invalid.
57 assert conn.resp_body == "Request not signed"
58 assert called(HTTPSignatures.validate_conn(:_))
# Second phase: the validator now returns true.
# NOTE(review): source lines 62-65 and 67 are likewise not shown here.
61 with_mock HTTPSignatures, validate_conn: fn _ -> true end do
66 "keyId=\"http://mastodon.example.org/users/admin#main-key"
68 |> HTTPSignaturePlug.call(%{})
# Accepted signature: the verdict is recorded and the conn is left un-halted.
70 assert conn.assigns.valid_signature == true
71 assert conn.halted == false
72 assert called(HTTPSignatures.validate_conn(:_))
# No `signature` header at all: the plug must reject the request itself.
# HTTPSignatures is not mocked in this test, so whether the validator is consulted
# for an unsigned request is not asserted.
76 test "halts the connection when `signature` header is not present", %{conn: conn} do
77 conn = HTTPSignaturePlug.call(conn, %{})
# Bracket access because the test expects the key to be absent (nil); dot access on a
# missing assign would raise instead of returning nil.
78 assert conn.assigns[:valid_signature] == nil
# Halted with the 401 already sent, so the unsigned request goes no further.
79 assert conn.halted == true
80 assert conn.status == 401
81 assert conn.state == :sent
82 assert conn.resp_body == "Request not signed"