X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Ftests%2Fapi%2Factivitypub%2Fsecurity.ts;h=9745052a393ae38e9c8a1387fe5734f4f2ef0f80;hb=b5c361089f03f4d459fa1cdc49ff66dee736af12;hp=8bde54a406f17e9db19ac5ebe3ed373bc376bf89;hpb=095e2258043fcff8a79ab082d11edfbd8f13a8e2;p=github%2FChocobozzz%2FPeerTube.git diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts index 8bde54a40..9745052a3 100644 --- a/server/tests/api/activitypub/security.ts +++ b/server/tests/api/activitypub/security.ts @@ -79,9 +79,12 @@ describe('Test ActivityPub security', function () { Digest: buildDigest({ hello: 'coucou' }) } - const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + try { + await makePOSTAPRequest(url, body, baseHttpSignature(), headers) + expect(true, 'Did not throw').to.be.false + } catch (err) { + expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + } }) it('Should fail with an invalid date', async function () { @@ -89,9 +92,12 @@ describe('Test ActivityPub security', function () { const headers = buildGlobalHeaders(body) headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' - const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + try { + await makePOSTAPRequest(url, body, baseHttpSignature(), headers) + expect(true, 'Did not throw').to.be.false + } catch (err) { + expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + } }) it('Should fail with bad keys', async function () { @@ -101,9 +107,12 @@ describe('Test ActivityPub security', function () { const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) const headers = buildGlobalHeaders(body) - const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + try { + await makePOSTAPRequest(url, body, baseHttpSignature(), headers) + expect(true, 'Did not throw').to.be.false + } catch (err) { + expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + } }) it('Should reject requests without appropriate signed headers', async function () { @@ -123,8 +132,12 @@ describe('Test ActivityPub security', function () { for (const badHeaders of badHeadersMatrix) { signatureOptions.headers = badHeaders - const { response } = await makePOSTAPRequest(url, body, signatureOptions, headers) - expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + try { + await makePOSTAPRequest(url, body, signatureOptions, headers) + expect(true, 'Did not throw').to.be.false + } catch (err) { + expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + } } }) @@ -132,9 +145,8 @@ describe('Test ActivityPub security', function () { const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) const headers = buildGlobalHeaders(body) - const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) + const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) + expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) }) it('Should refresh the actor keys', async function () { @@ -150,9 +162,12 @@ describe('Test ActivityPub security', function () { const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) const headers = buildGlobalHeaders(body) - const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + try { + await makePOSTAPRequest(url, body, baseHttpSignature(), headers) + expect(true, 'Did not throw').to.be.false + } catch (err) { + expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + } }) }) @@ -183,9 +198,12 @@ describe('Test ActivityPub security', function () { const headers = buildGlobalHeaders(signedBody) - const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + try { + await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) + expect(true, 'Did not throw').to.be.false + } catch (err) { + expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + } }) it('Should fail with an altered body', async function () { @@ -204,9 +222,12 @@ describe('Test ActivityPub security', function () { const headers = buildGlobalHeaders(signedBody) - const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + try { + await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) + expect(true, 'Did not throw').to.be.false + } catch (err) { + expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + } }) it('Should succeed with a valid signature', async function () { @@ -220,9 +241,8 @@ describe('Test ActivityPub security', function () { const headers = buildGlobalHeaders(signedBody) - const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) + const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) + expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) }) it('Should refresh the actor keys', async function () { @@ -243,9 +263,12 @@ describe('Test ActivityPub security', function () { const headers = buildGlobalHeaders(signedBody) - const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) - - expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + try { + await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) + expect(true, 'Did not throw').to.be.false + } catch (err) { + expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) + } }) })