diff --git a/lib/pleroma/user.ex b/lib/pleroma/user.ex index 95c2e878d..bce8ce84a 100644 --- a/lib/pleroma/user.ex +++ b/lib/pleroma/user.ex @@ -1155,7 +1155,8 @@ def update_and_set_cache(%{data: %Pleroma.User{} = user} = changeset) do was_superuser_before_update = User.superuser?(user) with {:ok, user} <- Repo.update(changeset, stale_error_field: :id) do - set_cache(user) + user + |> set_cache() end |> maybe_remove_report_notifications(was_superuser_before_update) end diff --git a/lib/pleroma/user/signing_key.ex b/lib/pleroma/user/signing_key.ex index 92ce7ae5d..3b5f4c35d 100644 --- a/lib/pleroma/user/signing_key.ex +++ b/lib/pleroma/user/signing_key.ex @@ -18,6 +18,11 @@ defmodule Pleroma.User.SigningKey do timestamps() end + def load_key(%User{} = user) do + user + |> Repo.preload(:signing_key) + end + def key_id_of_local_user(%User{local: true, signing_key: %__MODULE__{key_id: key_id}}), do: key_id diff --git a/mix.exs b/mix.exs index 7ffc450e2..418db47a1 100644 --- a/mix.exs +++ b/mix.exs @@ -200,7 +200,7 @@ defp deps do ## dev & test {:ex_doc, "~> 0.30", only: :dev, runtime: false}, - {:ex_machina, "~> 2.7", only: :test}, + {:ex_machina, "~> 2.8", only: :test}, {:credo, "~> 1.7", only: [:dev, :test], runtime: false}, {:mock, "~> 0.3.8", only: :test}, {:excoveralls, "0.16.1", only: :test}, diff --git a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs index b325bcb9a..26b6f8e47 100644 --- a/test/pleroma/web/activity_pub/activity_pub_controller_test.exs +++ b/test/pleroma/web/activity_pub/activity_pub_controller_test.exs @@ -584,6 +584,7 @@ test "it inserts an incoming activity into the database" <> local: false, last_refreshed_at: nil ) + |> with_signing_key() data = File.read!("test/fixtures/mastodon-post-activity.json") @@ -594,7 +595,7 @@ test "it inserts an incoming activity into the database" <> conn = conn |> assign(:valid_signature, true) - |> put_req_header("signature", "keyId=\"#{user.ap_id}/main-key\"") + |> put_req_header("signature", "keyId=\"#{user.signing_key.key_id}\"") |> put_req_header("content-type", "application/activity+json") |> post("/inbox", data) @@ -609,6 +610,7 @@ test "it clears `unreachable` federation status of the sender", %{conn: conn} do sender_url = data["actor"] sender = insert(:user, ap_id: data["actor"]) + |> with_signing_key() Instances.set_consistently_unreachable(sender_url) refute Instances.reachable?(sender_url) @@ -616,7 +618,7 @@ test "it clears `unreachable` federation status of the sender", %{conn: conn} do conn = conn |> assign(:valid_signature, true) - |> put_req_header("signature", "keyId=\"#{sender.ap_id}/main-key\"") + |> put_req_header("signature", "keyId=\"#{sender.signing_key.key_id}\"") |> put_req_header("content-type", "application/activity+json") |> post("/inbox", data) @@ -784,6 +786,7 @@ test "mastodon pin/unpin", %{conn: conn} do ap_id: actor, featured_address: "https://example.com/users/lain/collections/featured" ) + |> with_signing_key() Tesla.Mock.mock(fn %{ @@ -839,7 +842,7 @@ test "mastodon pin/unpin", %{conn: conn} do assert "ok" == conn |> assign(:valid_signature, true) - |> put_req_header("signature", "keyId=\"#{sender.ap_id}/main-key\"") + |> put_req_header("signature", "keyId=\"#{sender.signing_key.key_id}\"") |> put_req_header("content-type", "application/activity+json") |> post("/inbox", data) |> json_response(200) @@ -974,6 +977,7 @@ test "it accepts announces with to as string instead of array", %{conn: conn} do {:ok, post} = CommonAPI.post(user, %{status: "hey"}) announcer = insert(:user, local: false) + |> with_signing_key() data = %{ "@context" => "https://www.w3.org/ns/activitystreams", @@ -988,7 +992,7 @@ test "it accepts announces with to as string instead of array", %{conn: conn} do conn = conn |> assign(:valid_signature, true) - |> put_req_header("signature", "keyId=\"#{announcer.ap_id}/main-key\"") + |> put_req_header("signature", "keyId=\"#{announcer.signing_key.key_id}\"") |> put_req_header("content-type", "application/activity+json") |> post("/users/#{user.nickname}/inbox", data) @@ -1004,6 +1008,7 @@ test "it accepts messages from actors that are followed by the user", %{ } do recipient = insert(:user) actor = insert(:user, %{ap_id: "http://mastodon.example.org/users/actor"}) + |> with_signing_key() {:ok, recipient, actor} = User.follow(recipient, actor) @@ -1019,7 +1024,7 @@ test "it accepts messages from actors that are followed by the user", %{ conn = conn |> assign(:valid_signature, true) - |> put_req_header("signature", "keyId=\"#{actor.ap_id}/main-key\"") + |> put_req_header("signature", "keyId=\"#{actor.signing_key.key_id}\"") |> put_req_header("content-type", "application/activity+json") |> post("/users/#{recipient.nickname}/inbox", data) @@ -1057,6 +1062,7 @@ test "it returns a note activity in a collection", %{conn: conn} do test "it clears `unreachable` federation status of the sender", %{conn: conn, data: data} do user = insert(:user) + |> with_signing_key() data = Map.put(data, "bcc", [user.ap_id]) sender_host = URI.parse(data["actor"]).host @@ -1066,7 +1072,7 @@ test "it clears `unreachable` federation status of the sender", %{conn: conn, da conn = conn |> assign(:valid_signature, true) - |> put_req_header("signature", "keyId=\"#{data["actor"]}/main-key\"") + |> put_req_header("signature", "keyId=\"#{user.signing_key.key_id}\"") |> put_req_header("content-type", "application/activity+json") |> post("/users/#{user.nickname}/inbox", data) @@ -1077,6 +1083,8 @@ test "it clears `unreachable` federation status of the sender", %{conn: conn, da @tag capture_log: true test "it removes all follower collections but actor's", %{conn: conn} do [actor, recipient] = insert_pair(:user) + actor = with_signing_key(actor) + to = [ recipient.ap_id, @@ -1105,7 +1113,7 @@ test "it removes all follower collections but actor's", %{conn: conn} do conn |> assign(:valid_signature, true) - |> put_req_header("signature", "keyId=\"#{actor.ap_id}/main-key\"") + |> put_req_header("signature", "keyId=\"#{actor.signing_key.key_id}\"") |> put_req_header("content-type", "application/activity+json") |> post("/users/#{recipient.nickname}/inbox", data) |> json_response(200) @@ -1142,6 +1150,7 @@ test "it requires authentication", %{conn: conn} do test "forwarded report", %{conn: conn} do admin = insert(:user, is_admin: true) actor = insert(:user, local: false) + |> with_signing_key() remote_domain = URI.parse(actor.ap_id).host reported_user = insert(:user) @@ -1198,7 +1207,7 @@ test "forwarded report", %{conn: conn} do conn |> assign(:valid_signature, true) - |> put_req_header("signature", "keyId=\"#{actor.ap_id}/main-key\"") + |> put_req_header("signature", "keyId=\"#{actor.signing_key.key_id}\"") |> put_req_header("content-type", "application/activity+json") |> post("/users/#{reported_user.nickname}/inbox", data) |> json_response(200) diff --git a/test/pleroma/web/plugs/mapped_signature_to_identity_plug_test.exs b/test/pleroma/web/plugs/mapped_signature_to_identity_plug_test.exs index cfcccbf9e..77b14bbd2 100644 --- a/test/pleroma/web/plugs/mapped_signature_to_identity_plug_test.exs +++ b/test/pleroma/web/plugs/mapped_signature_to_identity_plug_test.exs @@ -58,6 +58,7 @@ test "it considers a mapped identity to be invalid when the associated instance # extract domain from user.ap_id url = URI.parse(user.ap_id) + clear_config([:mrf_simple, :reject], [ {url.host, "anime is banned"} ]) @@ -80,6 +81,7 @@ test "allowlist federation: it considers a mapped identity to be valid when the clear_config([:activitypub, :authorized_fetch_mode], true) url = URI.parse(user.ap_id) + clear_config([:mrf_simple, :accept], [ {url.host, "anime is allowed"} ]) diff --git a/test/support/factory.ex b/test/support/factory.ex index f648179d2..6689cc5d4 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -88,25 +88,28 @@ def user_factory(attrs \\ %{}) do end attrs = Map.delete(attrs, :domain) - signing_key = insert(:signing_key, %{key_id: urls[:ap_id] <> "#main-key"}) - user |> Map.put(:raw_bio, user.bio) - |> Map.put(:signing_key, signing_key) |> Map.merge(urls) |> merge_attributes(attrs) end + def with_signing_key(%User{} = user) do + signing_key = build(:signing_key, %{user: user, key_id: "#{user.ap_id}#main-key"}) + insert(signing_key) + %{user | signing_key: signing_key} + end + def signing_key_factory(attrs \\ %{}) do pem = Enum.random(@rsa_keys) + user = attrs[:user] || insert(:user) {:ok, public_key} = Pleroma.User.SigningKey.private_pem_to_public_pem(pem) - %Pleroma.User.SigningKey{ + user_id: user.id, public_key: public_key, private_key: pem, - key_id: attrs[:key_id] || "https://example.com/key" + key_id: attrs[:key_id] } - |> merge_attributes(attrs) end def user_relationship_factory(attrs \\ %{}) do