author | Chocobozzz <me@florianbigard.com> | 2020-11-12 10:42:25 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2020-11-12 16:29:32 +0100 |
commit | 797d05bdd99b63104522051d0f61f1e0f003e780 (patch) | |
tree | a0e356958e03aa62c4539afacbf7715eba305954 /server/tests/api | |
parent | 2a9562fc5894509e63016b1fe09f6dce0c4b6e5e (diff) | |
Force signed headers in http signatures
Thanks Roger
Diffstat (limited to 'server/tests/api')
-rw-r--r-- | server/tests/api/activitypub/security.ts | 21 |
1 files changed, 20 insertions, 1 deletions
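--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -99,13 +99,32 @@ describe('Test ActivityPub security', function () {
 expect(response.statusCode).to.equal(403)
 })
 
-it('Should succeed with a valid HTTP signature', async function () {
+it('Should reject requests without appropriate signed headers', async function () {
 await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
 await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
 
 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
 const headers = buildGlobalHeaders(body)
 
+const signatureOptions = baseHttpSignature()
+const badHeadersMatrix = [
+[ '(request-target)', 'date', 'digest' ],
+[ 'host', 'date', 'digest' ],
+[ '(request-target)', 'host', 'digest' ]
+]
+
+for (const badHeaders of badHeadersMatrix) {
+signatureOptions.headers = badHeaders
+
+const { response } = await makePOSTAPRequest(url, body, signatureOptions, headers)
+expect(response.statusCode).to.equal(403)
+}
+})
+
+it('Should succeed with a valid HTTP signature', async function () {
+const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
+const headers = buildGlobalHeaders(body)
+
 const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
 
 expect(response.statusCode).to.equal(204)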
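Review bot: `badHeadersMatrix` drops `(request-target)`, `host` and `date` once each, but every row still signs `digest`, so nothing here checks that a POST whose signature leaves out `digest` is rejected. For a POST the signed digest is what ties the body to the signature, so if the server is meant to require it (the server-side list is not visible on this page) a fourth row `[ '(request-target)', 'host', 'date' ]` would pin that down. Separately, the `setKeysOfServer` calls now live only in the new rejection test, so 'Should succeed with a valid HTTP signature' passes only when it runs after it; a short comment such as `// relies on the keys set by the previous test` would make that coupling explicit. The final `it` block closes outside the hunk.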