[github/Chocobozzz/PeerTube.git] / server / tests / api / activitypub / security.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import * as chai from 'chai'
import { buildDigest } from '@server/helpers/peertube-crypto'
import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
import {
  cleanupTests,
  closeAllSequelize,
  flushAndRunMultipleServers,
  ServerInfo,
  setActorField,
  wait
} from '../../../../shared/extra-utils'
import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub'
import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
import { HTTP_SIGNATURE } from '../../../initializers/constants'
import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'

const expect = chai.expect

function setKeysOfServer (onServer: ServerInfo, ofServer: ServerInfo, publicKey: string, privateKey: string) {
  return Promise.all([
    setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'publicKey', publicKey),
    setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'privateKey', privateKey)
  ])
}

function getAnnounceWithoutContext (server2: ServerInfo) {
  const json = require('./json/peertube/announce-without-context.json')
  const result: typeof json = {}

  for (const key of Object.keys(json)) {
    if (Array.isArray(json[key])) {
      result[key] = json[key].map(v => v.replace(':9002', `:${server2.port}`))
    } else {
      result[key] = json[key].replace(':9002', `:${server2.port}`)
    }
  }

  return result
}

describe('Test ActivityPub security', function () {
  let servers: ServerInfo[]
  let url: string

  const keys = require('./json/peertube/keys.json')
  const invalidKeys = require('./json/peertube/invalid-keys.json')
  const baseHttpSignature = () => ({
    algorithm: HTTP_SIGNATURE.ALGORITHM,
    authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
    keyId: 'acct:peertube@localhost:' + servers[1].port,
    key: keys.privateKey,
    headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
  })

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(60000)

    servers = await flushAndRunMultipleServers(3)

    url = servers[0].url + '/inbox'

    await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)

    const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
    const by = { url: 'http://localhost:' + servers[1].port + '/accounts/peertube', privateKey: keys.privateKey }
    await makeFollowRequest(to, by)
  })

  describe('When checking HTTP signature', function () {

    it('Should fail with an invalid digest', async function () {
      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = {
        Digest: buildDigest({ hello: 'coucou' })
      }

      const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
    })

    it('Should fail with an invalid date', async function () {
      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)
      headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'

      const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
    })

    it('Should fail with bad keys', async function () {
      await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
      await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)

      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)

      const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
    })

    it('Should reject requests without appropriate signed headers', async function () {
      await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
      await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)

      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)

      const signatureOptions = baseHttpSignature()
      const badHeadersMatrix = [
        [ '(request-target)', 'date', 'digest' ],
        [ 'host', 'date', 'digest' ],
        [ '(request-target)', 'host', 'digest' ]
      ]

      for (const badHeaders of badHeadersMatrix) {
        signatureOptions.headers = badHeaders

        const { statusCode } = await makePOSTAPRequest(url, body, signatureOptions, headers)
        expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
      }
    })

    it('Should succeed with a valid HTTP signature', async function () {
      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)

      const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
    })

    it('Should refresh the actor keys', async function () {
      this.timeout(20000)

      // Wait refresh invalidation
      await wait(10000)

      // Update keys of server 2 to invalid keys
      // Server 1 should refresh the actor and fail
      await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)

      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)

      const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
    })
  })

  describe('When checking Linked Data Signature', function () {
    before(async function () {
      this.timeout(10000)

      await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
      await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
      await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey)

      const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
      const by = { url: 'http://localhost:' + servers[2].port + '/accounts/peertube', privateKey: keys.privateKey }
      await makeFollowRequest(to, by)
    })

    it('Should fail with bad keys', async function () {
      this.timeout(10000)

      await setKeysOfServer(servers[0], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
      await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)

      const body = getAnnounceWithoutContext(servers[1])
      body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'

      const signer: any = { privateKey: invalidKeys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
      const signedBody = await buildSignedActivity(signer, body)

      const headers = buildGlobalHeaders(signedBody)

      const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
    })

    it('Should fail with an altered body', async function () {
      this.timeout(10000)

      await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)
      await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)

      const body = getAnnounceWithoutContext(servers[1])
      body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'

      const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
      const signedBody = await buildSignedActivity(signer, body)

      signedBody.actor = 'http://localhost:' + servers[2].port + '/account/peertube'

      const headers = buildGlobalHeaders(signedBody)

      const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
    })

    it('Should succeed with a valid signature', async function () {
      this.timeout(10000)

      const body = getAnnounceWithoutContext(servers[1])
      body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'

      const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
      const signedBody = await buildSignedActivity(signer, body)

      const headers = buildGlobalHeaders(signedBody)

      const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
    })

    it('Should refresh the actor keys', async function () {
      this.timeout(20000)

      // Wait refresh invalidation
      await wait(10000)

      // Update keys of server 3 to invalid keys
      // Server 1 should refresh the actor and fail
      await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)

      const body = getAnnounceWithoutContext(servers[1])
      body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'

      const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
      const signedBody = await buildSignedActivity(signer, body)

      const headers = buildGlobalHeaders(signedBody)

      const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)

      expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
    })
  })

  after(async function () {
    this.timeout(10000)

    await cleanupTests(servers)

    await closeAllSequelize(servers)
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
df66d815 C	2
df66d815 C	3	import 'mocha'
df66d815	4	import * as chai from 'chai'
8dc8a34e	5	import { buildDigest } from '@server/helpers/peertube-crypto'
2d53be02	6	import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
095e2258 C	7	import {
	8	cleanupTests,
	9	closeAllSequelize,
	10	flushAndRunMultipleServers,
	11	ServerInfo,
	12	setActorField,
	13	wait
	14	} from '../../../../shared/extra-utils'
	15	import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub'
	16	import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
	17	import { HTTP_SIGNATURE } from '../../../initializers/constants'
	18	import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
df66d815 C	19
	20	const expect = chai.expect
	21
48f07b4a	22	function setKeysOfServer (onServer: ServerInfo, ofServer: ServerInfo, publicKey: string, privateKey: string) {
df66d815	23	return Promise.all([
48f07b4a C	24	setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'publicKey', publicKey),
48f07b4a C	25	setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'privateKey', privateKey)
df66d815 C	26	])
	27	}
	28
48f07b4a C	29	function getAnnounceWithoutContext (server2: ServerInfo) {
	30	const json = require('./json/peertube/announce-without-context.json')
	31	const result: typeof json = {}
	32
	33	for (const key of Object.keys(json)) {
	34	if (Array.isArray(json[key])) {
	35	result[key] = json[key].map(v => v.replace(':9002', `:${server2.port}`))
	36	} else {
a1587156	37	result[key] = json[key].replace(':9002', `:${server2.port}`)
48f07b4a C	38	}
	39	}
	40
	41	return result
df66d815 C	42	}
	43
	44	describe('Test ActivityPub security', function () {
	45	let servers: ServerInfo[]
	46	let url: string
	47
	48	const keys = require('./json/peertube/keys.json')
	49	const invalidKeys = require('./json/peertube/invalid-keys.json')
48f07b4a	50	const baseHttpSignature = () => ({
df66d815 C	51	algorithm: HTTP_SIGNATURE.ALGORITHM,
df66d815 C	52	authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
48f07b4a	53	keyId: 'acct:peertube@localhost:' + servers[1].port,
df66d815 C	54	key: keys.privateKey,
df66d815 C	55	headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
48f07b4a	56	})
df66d815 C	57
	58	// ---------------------------------------------------------------
	59
	60	before(async function () {
	61	this.timeout(60000)
	62
	63	servers = await flushAndRunMultipleServers(3)
	64
	65	url = servers[0].url + '/inbox'
	66
48f07b4a	67	await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
df66d815	68
48f07b4a C	69	const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
48f07b4a C	70	const by = { url: 'http://localhost:' + servers[1].port + '/accounts/peertube', privateKey: keys.privateKey }
df66d815 C	71	await makeFollowRequest(to, by)
	72	})
	73
	74	describe('When checking HTTP signature', function () {
	75
	76	it('Should fail with an invalid digest', async function () {
48f07b4a	77	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
df66d815 C	78	const headers = {
	79	Digest: buildDigest({ hello: 'coucou' })
	80	}
	81
db4b15f2	82	const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
df66d815	83
db4b15f2	84	expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
df66d815 C	85	})
	86
	87	it('Should fail with an invalid date', async function () {
48f07b4a	88	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
df66d815 C	89	const headers = buildGlobalHeaders(body)
	90	headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'
	91
db4b15f2	92	const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
df66d815	93
db4b15f2	94	expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
df66d815 C	95	})
	96
	97	it('Should fail with bad keys', async function () {
48f07b4a C	98	await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
48f07b4a C	99	await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
df66d815	100
48f07b4a	101	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
df66d815 C	102	const headers = buildGlobalHeaders(body)
df66d815 C	103
db4b15f2	104	const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
df66d815	105
db4b15f2	106	expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
df66d815 C	107	})
df66d815 C	108
797d05bd	109	it('Should reject requests without appropriate signed headers', async function () {
48f07b4a C	110	await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
48f07b4a C	111	await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
df66d815	112
48f07b4a	113	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
df66d815	114	const headers = buildGlobalHeaders(body)
797d05bd C	115
	116	const signatureOptions = baseHttpSignature()
	117	const badHeadersMatrix = [
	118	[ '(request-target)', 'date', 'digest' ],
	119	[ 'host', 'date', 'digest' ],
	120	[ '(request-target)', 'host', 'digest' ]
	121	]
	122
	123	for (const badHeaders of badHeadersMatrix) {
	124	signatureOptions.headers = badHeaders
	125
db4b15f2 C	126	const { statusCode } = await makePOSTAPRequest(url, body, signatureOptions, headers)
db4b15f2 C	127	expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
797d05bd C	128	}
	129	})
	130
	131	it('Should succeed with a valid HTTP signature', async function () {
	132	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
	133	const headers = buildGlobalHeaders(body)
df66d815	134
db4b15f2	135	const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
df66d815	136
db4b15f2	137	expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
df66d815	138	})
095e2258 C	139
	140	it('Should refresh the actor keys', async function () {
	141	this.timeout(20000)
	142
	143	// Wait refresh invalidation
	144	await wait(10000)
	145
	146	// Update keys of server 2 to invalid keys
	147	// Server 1 should refresh the actor and fail
	148	await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
	149
	150	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
	151	const headers = buildGlobalHeaders(body)
	152
db4b15f2	153	const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
095e2258	154
db4b15f2	155	expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
095e2258	156	})
df66d815 C	157	})
	158
	159	describe('When checking Linked Data Signature', function () {
095e2258 C	160	before(async function () {
	161	this.timeout(10000)
	162
	163	await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
	164	await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
48f07b4a	165	await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey)
df66d815	166
48f07b4a C	167	const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
48f07b4a C	168	const by = { url: 'http://localhost:' + servers[2].port + '/accounts/peertube', privateKey: keys.privateKey }
df66d815 C	169	await makeFollowRequest(to, by)
	170	})
	171
	172	it('Should fail with bad keys', async function () {
	173	this.timeout(10000)
	174
48f07b4a C	175	await setKeysOfServer(servers[0], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
48f07b4a C	176	await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
df66d815	177
48f07b4a C	178	const body = getAnnounceWithoutContext(servers[1])
48f07b4a C	179	body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
df66d815	180
48f07b4a	181	const signer: any = { privateKey: invalidKeys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
df66d815 C	182	const signedBody = await buildSignedActivity(signer, body)
	183
	184	const headers = buildGlobalHeaders(signedBody)
	185
db4b15f2	186	const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
df66d815	187
db4b15f2	188	expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
df66d815 C	189	})
	190
	191	it('Should fail with an altered body', async function () {
	192	this.timeout(10000)
	193
48f07b4a C	194	await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)
48f07b4a C	195	await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)
df66d815	196
48f07b4a C	197	const body = getAnnounceWithoutContext(servers[1])
48f07b4a C	198	body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
df66d815	199
48f07b4a	200	const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
df66d815 C	201	const signedBody = await buildSignedActivity(signer, body)
df66d815 C	202
48f07b4a	203	signedBody.actor = 'http://localhost:' + servers[2].port + '/account/peertube'
df66d815 C	204
	205	const headers = buildGlobalHeaders(signedBody)
	206
db4b15f2	207	const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
df66d815	208
db4b15f2	209	expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
df66d815 C	210	})
	211
	212	it('Should succeed with a valid signature', async function () {
	213	this.timeout(10000)
	214
48f07b4a C	215	const body = getAnnounceWithoutContext(servers[1])
48f07b4a C	216	body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
df66d815	217
48f07b4a	218	const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
df66d815 C	219	const signedBody = await buildSignedActivity(signer, body)
	220
	221	const headers = buildGlobalHeaders(signedBody)
	222
db4b15f2	223	const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
df66d815	224
db4b15f2	225	expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
df66d815	226	})
095e2258 C	227
	228	it('Should refresh the actor keys', async function () {
	229	this.timeout(20000)
	230
	231	// Wait refresh invalidation
	232	await wait(10000)
	233
	234	// Update keys of server 3 to invalid keys
	235	// Server 1 should refresh the actor and fail
	236	await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
	237
	238	const body = getAnnounceWithoutContext(servers[1])
	239	body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
	240
	241	const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
	242	const signedBody = await buildSignedActivity(signer, body)
	243
	244	const headers = buildGlobalHeaders(signedBody)
	245
db4b15f2	246	const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
095e2258	247
db4b15f2	248	expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
095e2258	249	})
df66d815 C	250	})
	251
	252	after(async function () {
48f07b4a C	253	this.timeout(10000)
	254
	255	await cleanupTests(servers)
df66d815	256
c8000975	257	await closeAllSequelize(servers)
df66d815 C	258	})
df66d815 C	259	})