Fix signature checking

2023-08-07 16:17:17 +01:00 · 2023-08-07 16:17:17 +01:00 · 0c21341156
commit 0c21341156
parent 7825798e32
7 changed files with 65 additions and 16 deletions
--- a/.woodpecker/test.yml
+++ b/.woodpecker/test.yml
@ -12,9 +12,8 @@ matrix:
      OTP_VERSION: 25
    - ELIXIR_VERSION: 1.15
      OTP_VERSION: 25
-    # Soon
-    #- ELIXIR_VERSION: 1.15
-    #  OTP_VERSION: 26
+    - ELIXIR_VERSION: 1.15
+      OTP_VERSION: 26

 variables:
  - &scw-secrets
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.

 The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).

+## Unreleased
+
+## Added
+
 ## 2023.08

 ## Added
--- a/mix.exs
+++ b/mix.exs
@ -157,7 +157,9 @@ defp deps do
      {:timex, "~> 3.7"},
      {:ueberauth, "~> 0.10"},
      {:linkify, git: "https://akkoma.dev/AkkomaGang/linkify.git"},
-      {:http_signatures, "~> 0.1.1"},
+      {:http_signatures,
+       git: "https://akkoma.dev/AkkomaGang/http_signatures.git",
+       ref: "6640ce7d24c783ac2ef56e27d00d12e8dc85f396"},
      {:telemetry, "~> 1.2"},
      {:telemetry_poller, "~> 1.0"},
      {:telemetry_metrics, "~> 0.6"},
--- a/mix.lock
+++ b/mix.lock
@ -57,7 +57,7 @@
  "hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~> 2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~> 6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~> 1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~> 1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
  "hpax": {:hex, :hpax, "0.1.2", "09a75600d9d8bbd064cdd741f21fc06fc1f4cf3d0fcc335e5aa19be1a7235c84", [:mix], [], "hexpm", "2c87843d5a23f5f16748ebe77969880e29809580efdaccd615cd3bed628a8c13"},
  "html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"},
-  "http_signatures": {:hex, :http_signatures, "0.1.1", "ca7ebc1b61542b163644c8c3b1f0e0f41037d35f2395940d3c6c7deceab41fd8", [:mix], [], "hexpm", "cc3b8a007322cc7b624c0c15eec49ee58ac977254ff529a3c482f681465942a3"},
+  "http_signatures": {:git, "https://akkoma.dev/AkkomaGang/http_signatures.git", "6640ce7d24c783ac2ef56e27d00d12e8dc85f396", [ref: "6640ce7d24c783ac2ef56e27d00d12e8dc85f396"]},
  "httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"},
  "idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
  "inet_cidr": {:hex, :inet_cidr, "1.0.4", "a05744ab7c221ca8e395c926c3919a821eb512e8f36547c062f62c4ca0cf3d6e", [:mix], [], "hexpm", "64a2d30189704ae41ca7dbdd587f5291db5d1dda1414e0774c29ffc81088c1bc"},
--- a/test/pleroma/signature_test.exs
+++ b/test/pleroma/signature_test.exs
@ -71,6 +71,35 @@ test "it returns error when not found user" do
    end
  end

+  defp split_signature(sig) do
+    sig
+    |> String.split(",")
+    |> Enum.map(fn part ->
+      [key, value] = String.split(part, "=", parts: 2)
+      [key, String.trim(value, ~s|"|)]
+    end)
+    |> Enum.sort_by(fn [k, _] -> k end)
+  end
+
+  # Break up a signature and check by parts
+  defp assert_signature_equal(sig_a, sig_b) when is_binary(sig_a) and is_binary(sig_b) do
+    parts_a = split_signature(sig_a)
+    parts_b = split_signature(sig_b)
+
+    parts_a
+    |> Enum.with_index()
+    |> Enum.each(fn {part_a, index} ->
+      part_b = Enum.at(parts_b, index)
+      assert_part_equal(part_a, part_b)
+    end)
+  end
+
+  defp assert_part_equal(part_a, part_b) do
+    if part_a != part_b do
+      flunk("Signature check failed - expected #{part_a} to equal #{part_b}")
+    end
+  end
+
  describe "sign/2" do
    test "it returns signature headers" do
      user =
@ -79,14 +108,18 @@ test "it returns signature headers" do
          keys: @private_key
        })

-      assert Signature.sign(
-               user,
-               %{
-                 host: "test.test",
-                 "content-length": 100
-               }
-             ) ==
-               "keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\""
+      headers = %{
+        host: "test.test",
+        "content-length": 100
+      }
+
+      assert_signature_equal(
+        Signature.sign(
+          user,
+          headers
+        ),
+        "keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\""
+      )
    end

    test "it returns error" do
--- a/test/pleroma/web/web_finger/web_finger_controller_test.exs
+++ b/test/pleroma/web/web_finger/web_finger_controller_test.exs
@ -24,8 +24,10 @@ test "GET host-meta" do

    assert response.status == 200

-    assert_xml_equals(response.resp_body,
-             ~s(<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="#{Pleroma.Web.Endpoint.url()}/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>))
+    assert_xml_equals(
+      response.resp_body,
+      ~s(<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="#{Pleroma.Web.Endpoint.url()}/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>)
+    )
  end

  test "Webfinger JRD" do
--- a/test/support/matchers/list.ex
+++ b/test/support/matchers/list.ex
@ -2,6 +2,15 @@ defmodule Pleroma.Test.Matchers.List do
  import ExUnit.Assertions

  def assert_unordered_list_equal(list_a, list_b) when is_list(list_a) and is_list(list_b) do
-    assert Enum.sort(list_a) == Enum.sort(list_b)
+    list_a = Enum.sort(list_a)
+    list_b = Enum.sort(list_b)
+
+    if list_a != list_b do
+      flunk("Expected list
+      #{inspect(list_a)}
+      to have the same elements as 
+      #{inspect(list_b)}
+      ")
+    end
  end
 end