[github/Chocobozzz/PeerTube.git] / server / tests / api / activitypub / security.ts

/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */

import 'mocha'
import * as chai from 'chai'
import { buildDigest } from '@server/helpers/peertube-crypto'
import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
import {
  buildAbsoluteFixturePath,
  cleanupTests,
  flushAndRunMultipleServers,
  killallServers,
  reRunServer,
  ServerInfo,
  wait
} from '../../../../shared/extra-utils'
import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub'
import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
import { HTTP_SIGNATURE } from '../../../initializers/constants'
import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'

const expect = chai.expect

function setKeysOfServer (onServer: ServerInfo, ofServer: ServerInfo, publicKey: string, privateKey: string) {
  const url = 'http://localhost:' + ofServer.port + '/accounts/peertube'

  return Promise.all([
    onServer.sqlCommand.setActorField(url, 'publicKey', publicKey),
    onServer.sqlCommand.setActorField(url, 'privateKey', privateKey)
  ])
}

function setUpdatedAtOfServer (onServer: ServerInfo, ofServer: ServerInfo, updatedAt: string) {
  const url = 'http://localhost:' + ofServer.port + '/accounts/peertube'

  return Promise.all([
    onServer.sqlCommand.setActorField(url, 'createdAt', updatedAt),
    onServer.sqlCommand.setActorField(url, 'updatedAt', updatedAt)
  ])
}

function getAnnounceWithoutContext (server: ServerInfo) {
  const json = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
  const result: typeof json = {}

  for (const key of Object.keys(json)) {
    if (Array.isArray(json[key])) {
      result[key] = json[key].map(v => v.replace(':9002', `:${server.port}`))
    } else {
      result[key] = json[key].replace(':9002', `:${server.port}`)
    }
  }

  return result
}

describe('Test ActivityPub security', function () {
  let servers: ServerInfo[]
  let url: string

  const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json'))
  const invalidKeys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json'))
  const baseHttpSignature = () => ({
    algorithm: HTTP_SIGNATURE.ALGORITHM,
    authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
    keyId: 'acct:peertube@localhost:' + servers[1].port,
    key: keys.privateKey,
    headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
  })

  // ---------------------------------------------------------------

  before(async function () {
    this.timeout(60000)

    servers = await flushAndRunMultipleServers(3)

    url = servers[0].url + '/inbox'

    await setKeysOfServer(servers[0], servers[1], keys.publicKey, null)
    await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)

    const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
    const by = { url: 'http://localhost:' + servers[1].port + '/accounts/peertube', privateKey: keys.privateKey }
    await makeFollowRequest(to, by)
  })

  describe('When checking HTTP signature', function () {

    it('Should fail with an invalid digest', async function () {
      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = {
        Digest: buildDigest({ hello: 'coucou' })
      }

      try {
        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
        expect(true, 'Did not throw').to.be.false
      } catch (err) {
        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
      }
    })

    it('Should fail with an invalid date', async function () {
      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)
      headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'

      try {
        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
        expect(true, 'Did not throw').to.be.false
      } catch (err) {
        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
      }
    })

    it('Should fail with bad keys', async function () {
      await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
      await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)

      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)

      try {
        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
        expect(true, 'Did not throw').to.be.false
      } catch (err) {
        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
      }
    })

    it('Should reject requests without appropriate signed headers', async function () {
      await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
      await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)

      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)

      const signatureOptions = baseHttpSignature()
      const badHeadersMatrix = [
        [ '(request-target)', 'date', 'digest' ],
        [ 'host', 'date', 'digest' ],
        [ '(request-target)', 'host', 'digest' ]
      ]

      for (const badHeaders of badHeadersMatrix) {
        signatureOptions.headers = badHeaders

        try {
          await makePOSTAPRequest(url, body, signatureOptions, headers)
          expect(true, 'Did not throw').to.be.false
        } catch (err) {
          expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
        }
      }
    })

    it('Should succeed with a valid HTTP signature', async function () {
      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)

      const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
      expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
    })

    it('Should refresh the actor keys', async function () {
      this.timeout(20000)

      // Update keys of server 2 to invalid keys
      // Server 1 should refresh the actor and fail
      await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
      await setUpdatedAtOfServer(servers[0], servers[1], '2015-07-17 22:00:00+00')

      // Invalid peertube actor cache
      await killallServers([ servers[1] ])
      await reRunServer(servers[1])

      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
      const headers = buildGlobalHeaders(body)

      try {
        await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
        expect(true, 'Did not throw').to.be.false
      } catch (err) {
        console.error(err)
        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
      }
    })
  })

  describe('When checking Linked Data Signature', function () {
    before(async function () {
      this.timeout(10000)

      await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
      await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
      await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey)

      const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
      const by = { url: 'http://localhost:' + servers[2].port + '/accounts/peertube', privateKey: keys.privateKey }
      await makeFollowRequest(to, by)
    })

    it('Should fail with bad keys', async function () {
      this.timeout(10000)

      await setKeysOfServer(servers[0], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
      await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)

      const body = getAnnounceWithoutContext(servers[1])
      body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'

      const signer: any = { privateKey: invalidKeys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
      const signedBody = await buildSignedActivity(signer, body)

      const headers = buildGlobalHeaders(signedBody)

      try {
        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
        expect(true, 'Did not throw').to.be.false
      } catch (err) {
        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
      }
    })

    it('Should fail with an altered body', async function () {
      this.timeout(10000)

      await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)
      await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)

      const body = getAnnounceWithoutContext(servers[1])
      body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'

      const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
      const signedBody = await buildSignedActivity(signer, body)

      signedBody.actor = 'http://localhost:' + servers[2].port + '/account/peertube'

      const headers = buildGlobalHeaders(signedBody)

      try {
        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
        expect(true, 'Did not throw').to.be.false
      } catch (err) {
        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
      }
    })

    it('Should succeed with a valid signature', async function () {
      this.timeout(10000)

      const body = getAnnounceWithoutContext(servers[1])
      body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'

      const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
      const signedBody = await buildSignedActivity(signer, body)

      const headers = buildGlobalHeaders(signedBody)

      const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
      expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
    })

    it('Should refresh the actor keys', async function () {
      this.timeout(20000)

      // Wait refresh invalidation
      await wait(10000)

      // Update keys of server 3 to invalid keys
      // Server 1 should refresh the actor and fail
      await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)

      const body = getAnnounceWithoutContext(servers[1])
      body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'

      const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
      const signedBody = await buildSignedActivity(signer, body)

      const headers = buildGlobalHeaders(signedBody)

      try {
        await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
        expect(true, 'Did not throw').to.be.false
      } catch (err) {
        expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
      }
    })
  })

  after(async function () {
    this.timeout(10000)

    await cleanupTests(servers)
  })
})
Commit	Line	Data
a1587156	1	/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
df66d815 C	2
df66d815 C	3	import 'mocha'
df66d815	4	import * as chai from 'chai'
8dc8a34e	5	import { buildDigest } from '@server/helpers/peertube-crypto'
2d53be02	6	import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
095e2258	7	import {
3d470a53	8	buildAbsoluteFixturePath,
095e2258	9	cleanupTests,
095e2258	10	flushAndRunMultipleServers,
e7053b1d C	11	killallServers,
e7053b1d C	12	reRunServer,
095e2258	13	ServerInfo,
095e2258 C	14	wait
	15	} from '../../../../shared/extra-utils'
	16	import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub'
	17	import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
	18	import { HTTP_SIGNATURE } from '../../../initializers/constants'
	19	import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
df66d815 C	20
	21	const expect = chai.expect
	22
48f07b4a	23	function setKeysOfServer (onServer: ServerInfo, ofServer: ServerInfo, publicKey: string, privateKey: string) {
e7053b1d C	24	const url = 'http://localhost:' + ofServer.port + '/accounts/peertube'
	25
	26	return Promise.all([
9293139f C	27	onServer.sqlCommand.setActorField(url, 'publicKey', publicKey),
9293139f C	28	onServer.sqlCommand.setActorField(url, 'privateKey', privateKey)
e7053b1d C	29	])
	30	}
	31
	32	function setUpdatedAtOfServer (onServer: ServerInfo, ofServer: ServerInfo, updatedAt: string) {
	33	const url = 'http://localhost:' + ofServer.port + '/accounts/peertube'
	34
df66d815	35	return Promise.all([
9293139f C	36	onServer.sqlCommand.setActorField(url, 'createdAt', updatedAt),
9293139f C	37	onServer.sqlCommand.setActorField(url, 'updatedAt', updatedAt)
df66d815 C	38	])
	39	}
	40
e7053b1d	41	function getAnnounceWithoutContext (server: ServerInfo) {
3d470a53	42	const json = require(buildAbsoluteFixturePath('./ap-json/peertube/announce-without-context.json'))
48f07b4a C	43	const result: typeof json = {}
	44
	45	for (const key of Object.keys(json)) {
	46	if (Array.isArray(json[key])) {
e7053b1d	47	result[key] = json[key].map(v => v.replace(':9002', `:${server.port}`))
48f07b4a	48	} else {
e7053b1d	49	result[key] = json[key].replace(':9002', `:${server.port}`)
48f07b4a C	50	}
	51	}
	52
	53	return result
df66d815 C	54	}
	55
	56	describe('Test ActivityPub security', function () {
	57	let servers: ServerInfo[]
	58	let url: string
	59
3d470a53 C	60	const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json'))
3d470a53 C	61	const invalidKeys = require(buildAbsoluteFixturePath('./ap-json/peertube/invalid-keys.json'))
48f07b4a	62	const baseHttpSignature = () => ({
df66d815 C	63	algorithm: HTTP_SIGNATURE.ALGORITHM,
df66d815 C	64	authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
48f07b4a	65	keyId: 'acct:peertube@localhost:' + servers[1].port,
df66d815 C	66	key: keys.privateKey,
df66d815 C	67	headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
48f07b4a	68	})
df66d815 C	69
	70	// ---------------------------------------------------------------
	71
	72	before(async function () {
	73	this.timeout(60000)
	74
	75	servers = await flushAndRunMultipleServers(3)
	76
	77	url = servers[0].url + '/inbox'
	78
e7053b1d C	79	await setKeysOfServer(servers[0], servers[1], keys.publicKey, null)
e7053b1d C	80	await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
df66d815	81
48f07b4a C	82	const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
48f07b4a C	83	const by = { url: 'http://localhost:' + servers[1].port + '/accounts/peertube', privateKey: keys.privateKey }
df66d815 C	84	await makeFollowRequest(to, by)
	85	})
	86
	87	describe('When checking HTTP signature', function () {
	88
	89	it('Should fail with an invalid digest', async function () {
48f07b4a	90	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
df66d815 C	91	const headers = {
	92	Digest: buildDigest({ hello: 'coucou' })
	93	}
	94
b5c36108 C	95	try {
	96	await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
	97	expect(true, 'Did not throw').to.be.false
	98	} catch (err) {
	99	expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
	100	}
df66d815 C	101	})
	102
	103	it('Should fail with an invalid date', async function () {
48f07b4a	104	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
df66d815 C	105	const headers = buildGlobalHeaders(body)
	106	headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'
	107
b5c36108 C	108	try {
	109	await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
	110	expect(true, 'Did not throw').to.be.false
	111	} catch (err) {
	112	expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
	113	}
df66d815 C	114	})
	115
	116	it('Should fail with bad keys', async function () {
48f07b4a C	117	await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
48f07b4a C	118	await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
df66d815	119
48f07b4a	120	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
df66d815 C	121	const headers = buildGlobalHeaders(body)
df66d815 C	122
b5c36108 C	123	try {
	124	await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
	125	expect(true, 'Did not throw').to.be.false
	126	} catch (err) {
	127	expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
	128	}
df66d815 C	129	})
df66d815 C	130
797d05bd	131	it('Should reject requests without appropriate signed headers', async function () {
48f07b4a C	132	await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
48f07b4a C	133	await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
df66d815	134
48f07b4a	135	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
df66d815	136	const headers = buildGlobalHeaders(body)
797d05bd C	137
	138	const signatureOptions = baseHttpSignature()
	139	const badHeadersMatrix = [
	140	[ '(request-target)', 'date', 'digest' ],
	141	[ 'host', 'date', 'digest' ],
	142	[ '(request-target)', 'host', 'digest' ]
	143	]
	144
	145	for (const badHeaders of badHeadersMatrix) {
	146	signatureOptions.headers = badHeaders
	147
b5c36108 C	148	try {
	149	await makePOSTAPRequest(url, body, signatureOptions, headers)
	150	expect(true, 'Did not throw').to.be.false
	151	} catch (err) {
	152	expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
	153	}
797d05bd C	154	}
	155	})
	156
	157	it('Should succeed with a valid HTTP signature', async function () {
	158	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
	159	const headers = buildGlobalHeaders(body)
df66d815	160
db4b15f2	161	const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
db4b15f2	162	expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
df66d815	163	})
095e2258 C	164
	165	it('Should refresh the actor keys', async function () {
	166	this.timeout(20000)
	167
095e2258 C	168	// Update keys of server 2 to invalid keys
	169	// Server 1 should refresh the actor and fail
	170	await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
e7053b1d C	171	await setUpdatedAtOfServer(servers[0], servers[1], '2015-07-17 22:00:00+00')
	172
	173	// Invalid peertube actor cache
9293139f	174	await killallServers([ servers[1] ])
e7053b1d	175	await reRunServer(servers[1])
095e2258 C	176
	177	const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
	178	const headers = buildGlobalHeaders(body)
	179
b5c36108 C	180	try {
	181	await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
	182	expect(true, 'Did not throw').to.be.false
	183	} catch (err) {
e7053b1d	184	console.error(err)
b5c36108 C	185	expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
b5c36108 C	186	}
095e2258	187	})
df66d815 C	188	})
	189
	190	describe('When checking Linked Data Signature', function () {
095e2258 C	191	before(async function () {
	192	this.timeout(10000)
	193
	194	await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
	195	await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
48f07b4a	196	await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey)
df66d815	197
48f07b4a C	198	const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
48f07b4a C	199	const by = { url: 'http://localhost:' + servers[2].port + '/accounts/peertube', privateKey: keys.privateKey }
df66d815 C	200	await makeFollowRequest(to, by)
	201	})
	202
	203	it('Should fail with bad keys', async function () {
	204	this.timeout(10000)
	205
48f07b4a C	206	await setKeysOfServer(servers[0], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
48f07b4a C	207	await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
df66d815	208
48f07b4a C	209	const body = getAnnounceWithoutContext(servers[1])
48f07b4a C	210	body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
df66d815	211
48f07b4a	212	const signer: any = { privateKey: invalidKeys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
df66d815 C	213	const signedBody = await buildSignedActivity(signer, body)
	214
	215	const headers = buildGlobalHeaders(signedBody)
	216
b5c36108 C	217	try {
	218	await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
	219	expect(true, 'Did not throw').to.be.false
	220	} catch (err) {
	221	expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
	222	}
df66d815 C	223	})
	224
	225	it('Should fail with an altered body', async function () {
	226	this.timeout(10000)
	227
48f07b4a C	228	await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)
48f07b4a C	229	await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)
df66d815	230
48f07b4a C	231	const body = getAnnounceWithoutContext(servers[1])
48f07b4a C	232	body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
df66d815	233
48f07b4a	234	const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
df66d815 C	235	const signedBody = await buildSignedActivity(signer, body)
df66d815 C	236
48f07b4a	237	signedBody.actor = 'http://localhost:' + servers[2].port + '/account/peertube'
df66d815 C	238
	239	const headers = buildGlobalHeaders(signedBody)
	240
b5c36108 C	241	try {
	242	await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
	243	expect(true, 'Did not throw').to.be.false
	244	} catch (err) {
	245	expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
	246	}
df66d815 C	247	})
	248
	249	it('Should succeed with a valid signature', async function () {
	250	this.timeout(10000)
	251
48f07b4a C	252	const body = getAnnounceWithoutContext(servers[1])
48f07b4a C	253	body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
df66d815	254
48f07b4a	255	const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
df66d815 C	256	const signedBody = await buildSignedActivity(signer, body)
	257
	258	const headers = buildGlobalHeaders(signedBody)
	259
db4b15f2	260	const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
db4b15f2	261	expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
df66d815	262	})
095e2258 C	263
	264	it('Should refresh the actor keys', async function () {
	265	this.timeout(20000)
	266
	267	// Wait refresh invalidation
	268	await wait(10000)
	269
	270	// Update keys of server 3 to invalid keys
	271	// Server 1 should refresh the actor and fail
	272	await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
	273
	274	const body = getAnnounceWithoutContext(servers[1])
	275	body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
	276
	277	const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
	278	const signedBody = await buildSignedActivity(signer, body)
	279
	280	const headers = buildGlobalHeaders(signedBody)
	281
b5c36108 C	282	try {
	283	await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
	284	expect(true, 'Did not throw').to.be.false
	285	} catch (err) {
	286	expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
	287	}
095e2258	288	})
df66d815 C	289	})
	290
	291	after(async function () {
48f07b4a C	292	this.timeout(10000)
	293
	294	await cleanupTests(servers)
df66d815 C	295	})
df66d815 C	296	})