diff --git a/test/fixtures/httpoison_mock/hellpie.json b/test/fixtures/httpoison_mock/hellpie.json new file mode 100644 index 000000000..e228ba394 --- /dev/null +++ b/test/fixtures/httpoison_mock/hellpie.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"manuallyApprovesFollowers":"as:manuallyApprovesFollowers","sensitive":"as:sensitive","movedTo":"as:movedTo","Hashtag":"as:Hashtag","ostatus":"http://ostatus.org#","atomUri":"ostatus:atomUri","inReplyToAtomUri":"ostatus:inReplyToAtomUri","conversation":"ostatus:conversation","toot":"http://joinmastodon.org/ns#","Emoji":"toot:Emoji"}],"id":"https://masto.quad.moe/users/_HellPie","type":"Person","following":"https://masto.quad.moe/users/_HellPie/following","followers":"https://masto.quad.moe/users/_HellPie/followers","inbox":"https://masto.quad.moe/users/_HellPie/inbox","outbox":"https://masto.quad.moe/users/_HellPie/outbox","preferredUsername":"_HellPie","name":"_HellPie","summary":"\u003cp\u003eAndroid (Java) Developer, Linux addict. Often an asshole. Usually mentally ill, sometimes just retarded.\u003c/p\u003e\u003cp\u003eGitHub: \u003ca href=\"https://github.com/HellPie\" rel=\"nofollow noopener\" target=\"_blank\"\u003e\u003cspan class=\"invisible\"\u003ehttps://\u003c/span\u003e\u003cspan class=\"\"\u003egithub.com/HellPie\u003c/span\u003e\u003cspan class=\"invisible\"\u003e\u003c/span\u003e\u003c/a\u003e\u003c/p\u003e","url":"https://masto.quad.moe/@_HellPie","manuallyApprovesFollowers":false,"publicKey":{"id":"https://masto.quad.moe/users/_HellPie#main-key","owner":"https://masto.quad.moe/users/_HellPie","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA1fIReYnqpap6e3sIskIx\ni7q130EvfkSOTBTBe01w3Xb/7/JwzWgkmSp+sK5s/ImO2oZb3ljmKZ3iTg4ETtVa\nCrT98/5p4Hlw/Oozb0kTx+tUazrucr023u8lTmn5sVgksKue59gPzKEuJJT1Te7H\nPJg2frz4QZWEY9nuygJoDaWgLvq1aa4oRfctlpo2C4d4oKRZFx2wtgeGVpahsikX\nKFBWuvEMFL2LUWb44BkvN6bTmXL9ryQY2oRsWn0yZHnTvFItq4vkFSNNe6sK13pM\nOHu1rVJrKg2hNVpBowds9YqZM8zP9F0GS7SEARbwPRCaAGLJGNwLjfJolJ/231eU\nKQIDAQAB\n-----END PUBLIC KEY-----\n"},"endpoints":{"sharedInbox":"https://masto.quad.moe/inbox"},"icon":{"type":"Image","mediaType":"image/png","url":"https://masto.quad.moe/system/accounts/avatars/000/012/255/original/39b907e6b169191d.png"},"image":{"type":"Image","mediaType":"image/png","url":"https://masto.quad.moe/system/accounts/headers/000/012/255/original/8d3ace0025bdda431e07230668303945.png"}} \ No newline at end of file diff --git a/test/fixtures/httpoison_mock/rye.json b/test/fixtures/httpoison_mock/rye.json new file mode 100644 index 000000000..f31d1ddd8 --- /dev/null +++ b/test/fixtures/httpoison_mock/rye.json @@ -0,0 +1 @@ +{"@context":["https://www.w3.org/ns/activitystreams","https://w3id.org/security/v1",{"manuallyApprovesFollowers":"as:manuallyApprovesFollowers","sensitive":"as:sensitive","movedTo":"as:movedTo","Hashtag":"as:Hashtag","ostatus":"http://ostatus.org#","atomUri":"ostatus:atomUri","inReplyToAtomUri":"ostatus:inReplyToAtomUri","conversation":"ostatus:conversation","toot":"http://joinmastodon.org/ns#","Emoji":"toot:Emoji"}],"id":"https://niu.moe/users/rye","type":"Person","following":"https://niu.moe/users/rye/following","followers":"https://niu.moe/users/rye/followers","inbox":"https://niu.moe/users/rye/inbox","outbox":"https://niu.moe/users/rye/outbox","preferredUsername":"rye","name":"♡ rye ♡","summary":"\u003cp\u003elettuce club champion\u003c/p\u003e\u003cp\u003eicon by gomigomipomi\u003c/p\u003e","url":"https://niu.moe/@rye","manuallyApprovesFollowers":false,"publicKey":{"id":"https://niu.moe/users/rye#main-key","owner":"https://niu.moe/users/rye","publicKeyPem":"-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA83uRWjCFO35FwfA38mzv\nEL0TUaXB7+2hYvPwNrn1WY6me5DRbqB5zzMrzWMGr0HSooqNqEYBafGsmVTWUqIk\nKM9ehtIBraJI+mT5X7DPR3LrXOJF4a9EEslg8XvAk8MN9IrAhm6UljnvB67RtDcA\nTNB01VWy9yWnxFRtz9o/EMoBPyw5giOaXE2ibVNP8lQIqGKuuBKPzPjSJygdvQ5q\nxfow2z1TpKRqdsNDqn4n6U6zCXYTzkr0J71/tGw7fsgfv78l0Wjrc7EcuBk74OaG\nC65UDiu3X4Q6kxCfCEhPSfuwLN+UZkzxcn6goWR0iYpWs57+4tFKu9nJYP4QJ0K9\nTwIDAQAB\n-----END PUBLIC KEY-----\n"},"endpoints":{"sharedInbox":"https://niu.moe/inbox"},"icon":{"type":"Image","mediaType":"image/jpeg","url":"https://cdn.niu.moe/accounts/avatars/000/033/323/original/fd7f8ae0b3ffedc9.jpeg"},"image":{"type":"Image","mediaType":"image/png","url":"https://cdn.niu.moe/accounts/headers/000/033/323/original/850b3448fa5fd477.png"}} \ No newline at end of file diff --git a/test/support/httpoison_mock.ex b/test/support/httpoison_mock.ex index 2b47b9b70..b8f2422f6 100644 --- a/test/support/httpoison_mock.ex +++ b/test/support/httpoison_mock.ex @@ -373,6 +373,20 @@ def get("http://mastodon.example.org/users/admin", ["Accept": "application/activ }} end + def get("https://masto.quad.moe/users/_HellPie", ["Accept": "application/activity+json"], _) do + {:ok, %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/hellpie.json") + }} + end + + def get("https://niu.moe/users/rye", ["Accept": "application/activity+json"], _) do + {:ok, %Response{ + status_code: 200, + body: File.read!("test/fixtures/httpoison_mock/rye.json") + }} + end + def get("http://mastodon.example.org/@admin/99541947525187367", ["Accept": "application/activity+json"], _) do {:ok, %Response{ status_code: 200, diff --git a/test/web/http_sigs/http_sig_test.exs b/test/web/http_sigs/http_sig_test.exs index 2061f45de..fd568a67a 100644 --- a/test/web/http_sigs/http_sig_test.exs +++ b/test/web/http_sigs/http_sig_test.exs @@ -108,6 +108,45 @@ test "it validates a conn and fetches the key" do assert HTTPSignatures.validate_conn(conn) end + test "validate this" do + conn = %{ + params: %{"actor" => "https://niu.moe/users/rye"}, + req_headers: [ + {"x-forwarded-for", "149.202.73.191"}, + {"host", "testing.pleroma.lol"}, + {"x-cluster-client-ip", "149.202.73.191"}, + {"connection", "upgrade"}, + {"content-length", "2396"}, + {"user-agent", "http.rb/3.0.0 (Mastodon/2.2.0; +https://niu.moe/)"}, + {"date", "Sun, 18 Feb 2018 20:31:51 GMT"}, + {"digest", "SHA-256=dzH+vLyhxxALoe9RJdMl4hbEV9bGAZnSfddHQzeidTU="}, + {"content-type", "application/activity+json"}, + {"signature", "keyId=\"https://niu.moe/users/rye#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) user-agent host date digest content-type\",signature=\"wtxDg4kIpW7nsnUcVJhBk6SgJeDZOocr8yjsnpDRqE52lR47SH6X7G16r7L1AUJdlnbfx7oqcvomoIJoHB3ghP6kRnZW6MyTMZ2jPoi3g0iC5RDqv6oAmDSO14iw6U+cqZbb3P/odS5LkbThF0UNXcfenVNfsKosIJycFjhNQc54IPCDXYq/7SArEKJp8XwEgzmiC2MdxlkVIUSTQYfjM4EG533cwlZocw1mw72e5mm/owTa80BUZAr0OOuhoWARJV9btMb02ZyAF6SCSoGPTA37wHyfM1Dk88NHf7Z0Aov/Fl65dpRM+XyoxdkpkrhDfH9qAx4iuV2VEWddQDiXHA==\""}, + {"(request-target)", "post /inbox"} + ] + } + assert HTTPSignatures.validate_conn(conn) + end + + test "validate this too" do + conn = %{ + params: %{"actor" => "https://niu.moe/users/rye"}, + req_headers: [ + {"x-forwarded-for", "149.202.73.191"}, + {"host", "testing.pleroma.lol"}, + {"x-cluster-client-ip", "149.202.73.191"}, + {"connection", "upgrade"}, + {"content-length", "2342"}, + {"user-agent", "http.rb/3.0.0 (Mastodon/2.2.0; +https://niu.moe/)"}, + {"date", "Sun, 18 Feb 2018 21:44:46 GMT"}, + {"digest", "SHA-256=vS8uDOJlyAu78cF3k5EzrvaU9iilHCX3chP37gs5sS8="}, + {"content-type", "application/activity+json"}, + {"signature", "keyId=\"https://niu.moe/users/rye#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) user-agent host date digest content-type\",signature=\"IN6fHD8pLiDEf35dOaRHzJKc1wBYh3/Yq0ItaNGxUSbJTd2xMjigZbcsVKzvgYYjglDDN+disGNeD+OBKwMqkXWaWe/lyMc9wHvCH5NMhpn/A7qGLY8yToSt4vh8ytSkZKO6B97yC+Nvy6Fz/yMbvKtFycIvSXCq417cMmY6f/aG+rtMUlTbKO5gXzC7SUgGJCtBPCh1xZzu5/w0pdqdjO46ePNeR6JyJSLLV4hfo3+p2n7SRraxM4ePVCUZqhwS9LPt3Zdhy3ut+IXCZgMVIZggQFM+zXLtcXY5HgFCsFQr5WQDu+YkhWciNWtKFnWfAsnsg5sC330lZ/0Z8Z91yA==\""}, + {"(request-target)", "post /inbox"} + ]} + assert HTTPSignatures.validate_conn(conn) + end + test "it generates a signature" do user = insert(:user) assert HTTPSignatures.sign(user, %{host: "mastodon.example.org"}) =~ "keyId=\""