From 0c2134115695355a34af1702c5899fd5d6d61a8c Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Mon, 7 Aug 2023 16:17:17 +0100 Subject: [PATCH] Fix signature checking --- .woodpecker/test.yml | 5 +- CHANGELOG.md | 4 ++ mix.exs | 4 +- mix.lock | 2 +- test/pleroma/signature_test.exs | 49 ++++++++++++++++--- .../web_finger/web_finger_controller_test.exs | 6 ++- test/support/matchers/list.ex | 11 ++++- 7 files changed, 65 insertions(+), 16 deletions(-) diff --git a/.woodpecker/test.yml b/.woodpecker/test.yml index be8ea0dfa..d52746929 100644 --- a/.woodpecker/test.yml +++ b/.woodpecker/test.yml @@ -12,9 +12,8 @@ matrix: OTP_VERSION: 25 - ELIXIR_VERSION: 1.15 OTP_VERSION: 25 - # Soon - #- ELIXIR_VERSION: 1.15 - # OTP_VERSION: 26 + - ELIXIR_VERSION: 1.15 + OTP_VERSION: 26 variables: - &scw-secrets diff --git a/CHANGELOG.md b/CHANGELOG.md index 6e26a2a83..004b8b835 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file. The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). +## Unreleased + +## Added + ## 2023.08 ## Added diff --git a/mix.exs b/mix.exs index 5aa1381d5..e31cd62af 100644 --- a/mix.exs +++ b/mix.exs @@ -157,7 +157,9 @@ defp deps do {:timex, "~> 3.7"}, {:ueberauth, "~> 0.10"}, {:linkify, git: "https://akkoma.dev/AkkomaGang/linkify.git"}, - {:http_signatures, "~> 0.1.1"}, + {:http_signatures, + git: "https://akkoma.dev/AkkomaGang/http_signatures.git", + ref: "6640ce7d24c783ac2ef56e27d00d12e8dc85f396"}, {:telemetry, "~> 1.2"}, {:telemetry_poller, "~> 1.0"}, {:telemetry_metrics, "~> 0.6"}, diff --git a/mix.lock b/mix.lock index 471e61750..7e661c139 100644 --- a/mix.lock +++ b/mix.lock 
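Review bot: The swap from the Hex release `~> 0.1.1` to a fork at akkoma.dev carries no comment saying why, so nothing in mix.exs tells the next maintainer what the commit title's "signature checking" fix is or when the pin can move back to Hex. Pinning by full commit SHA is the right call for a git dependency (and mix.lock records the same SHA), but a git dependency loses Hex's package checksum and semver-range updates, so the reason should be recorded next to it. I would add above the tuple: `# Forked http_signatures: pinned by commit for the signature-checking fix; revisit once an upstream Hex release contains it`. Whether the fix lives in the fork cannot be confirmed from this diff, since no application code changes here.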
@@ -57,7 +57,7 @@ "hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~> 2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~> 6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~> 1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~> 1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"}, "hpax": {:hex, :hpax, "0.1.2", "09a75600d9d8bbd064cdd741f21fc06fc1f4cf3d0fcc335e5aa19be1a7235c84", [:mix], [], "hexpm", "2c87843d5a23f5f16748ebe77969880e29809580efdaccd615cd3bed628a8c13"}, "html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"}, - "http_signatures": {:hex, :http_signatures, "0.1.1", "ca7ebc1b61542b163644c8c3b1f0e0f41037d35f2395940d3c6c7deceab41fd8", [:mix], [], "hexpm", "cc3b8a007322cc7b624c0c15eec49ee58ac977254ff529a3c482f681465942a3"}, + "http_signatures": {:git, "https://akkoma.dev/AkkomaGang/http_signatures.git", "6640ce7d24c783ac2ef56e27d00d12e8dc85f396", [ref: "6640ce7d24c783ac2ef56e27d00d12e8dc85f396"]}, "httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"}, "idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: 
"hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"}, "inet_cidr": {:hex, :inet_cidr, "1.0.4", "a05744ab7c221ca8e395c926c3919a821eb512e8f36547c062f62c4ca0cf3d6e", [:mix], [], "hexpm", "64a2d30189704ae41ca7dbdd587f5291db5d1dda1414e0774c29ffc81088c1bc"}, diff --git a/test/pleroma/signature_test.exs b/test/pleroma/signature_test.exs index 1f52484a5..e2d02fe4c 100644 --- a/test/pleroma/signature_test.exs +++ b/test/pleroma/signature_test.exs @@ -71,6 +71,35 @@ test "it returns error when not found user" do end end + defp split_signature(sig) do + sig + |> String.split(",") + |> Enum.map(fn part -> + [key, value] = String.split(part, "=", parts: 2) + [key, String.trim(value, ~s|"|)] + end) + |> Enum.sort_by(fn [k, _] -> k end) + end + + # Break up a signature and check by parts + defp assert_signature_equal(sig_a, sig_b) when is_binary(sig_a) and is_binary(sig_b) do + parts_a = split_signature(sig_a) + parts_b = split_signature(sig_b) + + parts_a + |> Enum.with_index() + |> Enum.each(fn {part_a, index} -> + part_b = Enum.at(parts_b, index) + assert_part_equal(part_a, part_b) + end) + end + + defp assert_part_equal(part_a, part_b) do + if part_a != part_b do + flunk("Signature check failed - expected #{part_a} to equal #{part_b}") + end + end + describe "sign/2" do test "it returns signature headers" do user = 
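Review bot: `assert_signature_equal` walks only `parts_a` and fetches the counterpart with `Enum.at(parts_b, index)`, so when the produced signature has fewer parameters than the expected one the surplus expected parts are never compared; because the parts are sorted by key and `"signature"` sorts last, a `sign/2` result that dropped the `signature="…"` parameter entirely would still pass this check. A length check before the loop closes that gap: `if length(parts_a) != length(parts_b), do: flunk("Signature parameter count differs: #{inspect(parts_a)} vs #{inspect(parts_b)}")`. Separately, `flunk("Signature check failed - expected #{part_a} to equal #{part_b}")` interpolates two-element lists, which `to_string/1` flattens into key and value run together with no separator (and `nil` into an empty string), so use `#{inspect(part_a)}` and `#{inspect(part_b)}` there. `split_signature` also raises `MatchError` on a part lacking `=`, which is acceptable in a test helper but deserves a one-line comment saying so.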
@@ -79,14 +108,18 @@ test "it returns signature headers" do
keys: @private_key
})
- assert Signature.sign(
- user,
- %{
- host: "test.test",
- "content-length": 100
- }
- ) ==
- "keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\""
+ headers = %{
+ host: "test.test",
+ "content-length": 100
+ }
+
+ assert_signature_equal(
+ Signature.sign(
+ user,
+ headers
+ ),
+ "keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\""
+ )
end
test "it returns error" do
diff --git a/test/pleroma/web/web_finger/web_finger_controller_test.exs b/test/pleroma/web/web_finger/web_finger_controller_test.exs
index 929ebbed0..fe8301fa4 100644
--- a/test/pleroma/web/web_finger/web_finger_controller_test.exs
+++ b/test/pleroma/web/web_finger/web_finger_controller_test.exs
@@ -24,8 +24,10 @@ test "GET host-meta" do
assert response.status == 200
- assert_xml_equals(response.resp_body,
- ~s())
+ assert_xml_equals(
+ response.resp_body,
+ ~s()
+ )
end
test "Webfinger JRD" do
diff --git a/test/support/matchers/list.ex b/test/support/matchers/list.ex
index 78e82586d..fa3303e34 100644
--- a/test/support/matchers/list.ex
+++ b/test/support/matchers/list.ex
@@ -2,6 +2,15 @@ defmodule Pleroma.Test.Matchers.List do
import ExUnit.Assertions
def assert_unordered_list_equal(list_a, list_b) when is_list(list_a) and is_list(list_b) do
- assert Enum.sort(list_a) == Enum.sort(list_b)
+ list_a = Enum.sort(list_a)
+ list_b = Enum.sort(list_b)
+
+ if list_a != list_b do
+ flunk("Expected list
+ #{inspect(list_a)}
+ to have the same elements as
+ #{inspect(list_b)}
+ ")
+ end
end
end
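Review bot: Replacing `assert Enum.sort(list_a) == Enum.sort(list_b)` with an `if`/`flunk` adds a custom message but gives up ExUnit's left/right diff of the two sorted lists, which is the more useful output when the lists are long, and the message literal embeds raw newlines plus the source indentation, which will show up verbatim in the failure output. `assert/2` accepts a message and still renders the diff, so the whole `if` block after the two sorts can become `assert list_a == list_b, "Expected lists to have the same elements"`. If the exact multi-line wording is wanted, a `"""` heredoc keeps the indentation out of the message.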