]> git.immae.eu Git - github/Chocobozzz/PeerTube.git/blobdiff - server/tests/api/activitypub/security.ts
projects / github / Chocobozzz / PeerTube.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Add transcoding module comments
[github/Chocobozzz/PeerTube.git] / server / tests / api / activitypub / security.ts
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index dc960c5c3452f21e6cf3cc3875f44c6b6f2b852a..e6002b661237a9f769cbe48ff1d1bf3e4b746d3c 100644 (file)
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -1,20 +1,14 @@
-/* tslint:disable:no-unused-expression */
+/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
 
 import 'mocha'
 
-import {
-  cleanupTests,
-  closeAllSequelize,
-  flushAndRunMultipleServers,
-  killallServers,
-  ServerInfo,
-  setActorField
-} from '../../../../shared/extra-utils'
+import { cleanupTests, closeAllSequelize, flushAndRunMultipleServers, ServerInfo, setActorField } from '../../../../shared/extra-utils'
 import { HTTP_SIGNATURE } from '../../../initializers/constants'
-import { buildDigest, buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
+import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
 import * as chai from 'chai'
 import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
 import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub'
+import { buildDigest } from '@server/helpers/peertube-crypto'
 
 const expect = chai.expect
 
@@ -33,7 +27,7 @@ function getAnnounceWithoutContext (server2: ServerInfo) {
     if (Array.isArray(json[key])) {
       result[key] = json[key].map(v => v.replace(':9002', `:${server2.port}`))
     } else {
-      result[ key ] = json[ key ].replace(':9002', `:${server2.port}`)
+      result[key] = json[key].replace(':9002', `:${server2.port}`)
     }
   }
 
@@ -105,13 +99,32 @@ describe('Test ActivityPub security', function () {
       expect(response.statusCode).to.equal(403)
     })
 
-    it('Should succeed with a valid HTTP signature', async function () {
+    it('Should reject requests without appropriate signed headers', async function () {
       await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
       await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
 
       const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
       const headers = buildGlobalHeaders(body)
 
+      const signatureOptions = baseHttpSignature()
+      const badHeadersMatrix = [
+        [ '(request-target)', 'date', 'digest' ],
+        [ 'host', 'date', 'digest' ],
+        [ '(request-target)', 'host', 'digest' ]
+      ]
+
+      for (const badHeaders of badHeadersMatrix) {
+        signatureOptions.headers = badHeaders
+
+        const { response } = await makePOSTAPRequest(url, body, signatureOptions, headers)
+        expect(response.statusCode).to.equal(403)
+      }
+    })
+
+    it('Should succeed with a valid HTTP signature', async function () {
+      const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
+      const headers = buildGlobalHeaders(body)
+
       const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
 
       expect(response.statusCode).to.equal(204)
ActivityPub-federated video streaming platform using P2P directly in your web browser