+ const signatureOptions = baseHttpSignature()
+ const badHeadersMatrix = [
+ [ '(request-target)', 'date', 'digest' ],
+ [ 'host', 'date', 'digest' ],
+ [ '(request-target)', 'host', 'digest' ]
+ ]
+
+ for (const badHeaders of badHeadersMatrix) {
+ signatureOptions.headers = badHeaders
+
+ try {
+ await makePOSTAPRequest(url, body, signatureOptions, headers)
+ expect(true, 'Did not throw').to.be.false
+ } catch (err) {
+ expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
+ }
+ }
+ })
+
+ it('Should succeed with a valid HTTP signature', async function () {
+ const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
+ const headers = buildGlobalHeaders(body)
+
+ const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
+ expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
+ })
+
+ it('Should refresh the actor keys', async function () {
+ this.timeout(20000)