Diffstat (limited to 'server/tests/api/activitypub/security.ts')
-rw-r--r-- | server/tests/api/activitypub/security.ts | 106 |
1 files changed, 58 insertions, 48 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts index 11e6859bf..dc960c5c3 100644 --- a/server/tests/api/activitypub/security.ts +++ b/server/tests/api/activitypub/security.ts | |||
@@ -3,9 +3,9 @@ | |||
3 | import 'mocha' | 3 | import 'mocha' |
4 | 4 | ||
5 | import { | 5 | import { |
6 | cleanupTests, | ||
6 | closeAllSequelize, | 7 | closeAllSequelize, |
7 | flushAndRunMultipleServers, | 8 | flushAndRunMultipleServers, |
8 | flushTests, | ||
9 | killallServers, | 9 | killallServers, |
10 | ServerInfo, | 10 | ServerInfo, |
11 | setActorField | 11 | setActorField |
@@ -18,18 +18,26 @@ import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-u | |||
18 | 18 | ||
19 | const expect = chai.expect | 19 | const expect = chai.expect |
20 | 20 | ||
21 | function setKeysOfServer2 (serverNumber: number, publicKey: string, privateKey: string) { | 21 | function setKeysOfServer (onServer: ServerInfo, ofServer: ServerInfo, publicKey: string, privateKey: string) { |
22 | return Promise.all([ | 22 | return Promise.all([ |
23 | setActorField(serverNumber, 'http://localhost:9002/accounts/peertube', 'publicKey', publicKey), | 23 | setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'publicKey', publicKey), |
24 | setActorField(serverNumber, 'http://localhost:9002/accounts/peertube', 'privateKey', privateKey) | 24 | setActorField(onServer.internalServerNumber, 'http://localhost:' + ofServer.port + '/accounts/peertube', 'privateKey', privateKey) |
25 | ]) | 25 | ]) |
26 | } | 26 | } |
27 | 27 | ||
28 | function setKeysOfServer3 (serverNumber: number, publicKey: string, privateKey: string) { | 28 | function getAnnounceWithoutContext (server2: ServerInfo) { |
29 | return Promise.all([ | 29 | const json = require('./json/peertube/announce-without-context.json') |
30 | setActorField(serverNumber, 'http://localhost:9003/accounts/peertube', 'publicKey', publicKey), | 30 | const result: typeof json = {} |
31 | setActorField(serverNumber, 'http://localhost:9003/accounts/peertube', 'privateKey', privateKey) | 31 | |
32 | ]) | 32 | for (const key of Object.keys(json)) { |
33 | if (Array.isArray(json[key])) { | ||
34 | result[key] = json[key].map(v => v.replace(':9002', `:${server2.port}`)) | ||
35 | } else { | ||
36 | result[ key ] = json[ key ].replace(':9002', `:${server2.port}`) | ||
37 | } | ||
38 | } | ||
39 | |||
40 | return result | ||
33 | } | 41 | } |
34 | 42 | ||
35 | describe('Test ActivityPub security', function () { | 43 | describe('Test ActivityPub security', function () { |
@@ -38,13 +46,13 @@ describe('Test ActivityPub security', function () { | |||
38 | 46 | ||
39 | const keys = require('./json/peertube/keys.json') | 47 | const keys = require('./json/peertube/keys.json') |
40 | const invalidKeys = require('./json/peertube/invalid-keys.json') | 48 | const invalidKeys = require('./json/peertube/invalid-keys.json') |
41 | const baseHttpSignature = { | 49 | const baseHttpSignature = () => ({ |
42 | algorithm: HTTP_SIGNATURE.ALGORITHM, | 50 | algorithm: HTTP_SIGNATURE.ALGORITHM, |
43 | authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, | 51 | authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, |
44 | keyId: 'acct:peertube@localhost:9002', | 52 | keyId: 'acct:peertube@localhost:' + servers[1].port, |
45 | key: keys.privateKey, | 53 | key: keys.privateKey, |
46 | headers: HTTP_SIGNATURE.HEADERS_TO_SIGN | 54 | headers: HTTP_SIGNATURE.HEADERS_TO_SIGN |
47 | } | 55 | }) |
48 | 56 | ||
49 | // --------------------------------------------------------------- | 57 | // --------------------------------------------------------------- |
50 | 58 | ||
@@ -55,56 +63,56 @@ describe('Test ActivityPub security', function () { | |||
55 | 63 | ||
56 | url = servers[0].url + '/inbox' | 64 | url = servers[0].url + '/inbox' |
57 | 65 | ||
58 | await setKeysOfServer2(1, keys.publicKey, keys.privateKey) | 66 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) |
59 | 67 | ||
60 | const to = { url: 'http://localhost:9001/accounts/peertube' } | 68 | const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' } |
61 | const by = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | 69 | const by = { url: 'http://localhost:' + servers[1].port + '/accounts/peertube', privateKey: keys.privateKey } |
62 | await makeFollowRequest(to, by) | 70 | await makeFollowRequest(to, by) |
63 | }) | 71 | }) |
64 | 72 | ||
65 | describe('When checking HTTP signature', function () { | 73 | describe('When checking HTTP signature', function () { |
66 | 74 | ||
67 | it('Should fail with an invalid digest', async function () { | 75 | it('Should fail with an invalid digest', async function () { |
68 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | 76 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) |
69 | const headers = { | 77 | const headers = { |
70 | Digest: buildDigest({ hello: 'coucou' }) | 78 | Digest: buildDigest({ hello: 'coucou' }) |
71 | } | 79 | } |
72 | 80 | ||
73 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) | 81 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) |
74 | 82 | ||
75 | expect(response.statusCode).to.equal(403) | 83 | expect(response.statusCode).to.equal(403) |
76 | }) | 84 | }) |
77 | 85 | ||
78 | it('Should fail with an invalid date', async function () { | 86 | it('Should fail with an invalid date', async function () { |
79 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | 87 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) |
80 | const headers = buildGlobalHeaders(body) | 88 | const headers = buildGlobalHeaders(body) |
81 | headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' | 89 | headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' |
82 | 90 | ||
83 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) | 91 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) |
84 | 92 | ||
85 | expect(response.statusCode).to.equal(403) | 93 | expect(response.statusCode).to.equal(403) |
86 | }) | 94 | }) |
87 | 95 | ||
88 | it('Should fail with bad keys', async function () { | 96 | it('Should fail with bad keys', async function () { |
89 | await setKeysOfServer2(1, invalidKeys.publicKey, invalidKeys.privateKey) | 97 | await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) |
90 | await setKeysOfServer2(2, invalidKeys.publicKey, invalidKeys.privateKey) | 98 | await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) |
91 | 99 | ||
92 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | 100 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) |
93 | const headers = buildGlobalHeaders(body) | 101 | const headers = buildGlobalHeaders(body) |
94 | 102 | ||
95 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) | 103 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) |
96 | 104 | ||
97 | expect(response.statusCode).to.equal(403) | 105 | expect(response.statusCode).to.equal(403) |
98 | }) | 106 | }) |
99 | 107 | ||
100 | it('Should succeed with a valid HTTP signature', async function () { | 108 | it('Should succeed with a valid HTTP signature', async function () { |
101 | await setKeysOfServer2(1, keys.publicKey, keys.privateKey) | 109 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) |
102 | await setKeysOfServer2(2, keys.publicKey, keys.privateKey) | 110 | await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) |
103 | 111 | ||
104 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | 112 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) |
105 | const headers = buildGlobalHeaders(body) | 113 | const headers = buildGlobalHeaders(body) |
106 | 114 | ||
107 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) | 115 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) |
108 | 116 | ||
109 | expect(response.statusCode).to.equal(204) | 117 | expect(response.statusCode).to.equal(204) |
110 | }) | 118 | }) |
@@ -112,28 +120,28 @@ describe('Test ActivityPub security', function () { | |||
112 | 120 | ||
113 | describe('When checking Linked Data Signature', function () { | 121 | describe('When checking Linked Data Signature', function () { |
114 | before(async () => { | 122 | before(async () => { |
115 | await setKeysOfServer3(3, keys.publicKey, keys.privateKey) | 123 | await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey) |
116 | 124 | ||
117 | const to = { url: 'http://localhost:9001/accounts/peertube' } | 125 | const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' } |
118 | const by = { url: 'http://localhost:9003/accounts/peertube', privateKey: keys.privateKey } | 126 | const by = { url: 'http://localhost:' + servers[2].port + '/accounts/peertube', privateKey: keys.privateKey } |
119 | await makeFollowRequest(to, by) | 127 | await makeFollowRequest(to, by) |
120 | }) | 128 | }) |
121 | 129 | ||
122 | it('Should fail with bad keys', async function () { | 130 | it('Should fail with bad keys', async function () { |
123 | this.timeout(10000) | 131 | this.timeout(10000) |
124 | 132 | ||
125 | await setKeysOfServer3(1, invalidKeys.publicKey, invalidKeys.privateKey) | 133 | await setKeysOfServer(servers[0], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) |
126 | await setKeysOfServer3(3, invalidKeys.publicKey, invalidKeys.privateKey) | 134 | await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) |
127 | 135 | ||
128 | const body = require('./json/peertube/announce-without-context.json') | 136 | const body = getAnnounceWithoutContext(servers[1]) |
129 | body.actor = 'http://localhost:9003/accounts/peertube' | 137 | body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube' |
130 | 138 | ||
131 | const signer: any = { privateKey: invalidKeys.privateKey, url: 'http://localhost:9003/accounts/peertube' } | 139 | const signer: any = { privateKey: invalidKeys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' } |
132 | const signedBody = await buildSignedActivity(signer, body) | 140 | const signedBody = await buildSignedActivity(signer, body) |
133 | 141 | ||
134 | const headers = buildGlobalHeaders(signedBody) | 142 | const headers = buildGlobalHeaders(signedBody) |
135 | 143 | ||
136 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) | 144 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) |
137 | 145 | ||
138 | expect(response.statusCode).to.equal(403) | 146 | expect(response.statusCode).to.equal(403) |
139 | }) | 147 | }) |
@@ -141,20 +149,20 @@ describe('Test ActivityPub security', function () { | |||
141 | it('Should fail with an altered body', async function () { | 149 | it('Should fail with an altered body', async function () { |
142 | this.timeout(10000) | 150 | this.timeout(10000) |
143 | 151 | ||
144 | await setKeysOfServer3(1, keys.publicKey, keys.privateKey) | 152 | await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey) |
145 | await setKeysOfServer3(3, keys.publicKey, keys.privateKey) | 153 | await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey) |
146 | 154 | ||
147 | const body = require('./json/peertube/announce-without-context.json') | 155 | const body = getAnnounceWithoutContext(servers[1]) |
148 | body.actor = 'http://localhost:9003/accounts/peertube' | 156 | body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube' |
149 | 157 | ||
150 | const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:9003/accounts/peertube' } | 158 | const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' } |
151 | const signedBody = await buildSignedActivity(signer, body) | 159 | const signedBody = await buildSignedActivity(signer, body) |
152 | 160 | ||
153 | signedBody.actor = 'http://localhost:9003/account/peertube' | 161 | signedBody.actor = 'http://localhost:' + servers[2].port + '/account/peertube' |
154 | 162 | ||
155 | const headers = buildGlobalHeaders(signedBody) | 163 | const headers = buildGlobalHeaders(signedBody) |
156 | 164 | ||
157 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) | 165 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) |
158 | 166 | ||
159 | expect(response.statusCode).to.equal(403) | 167 | expect(response.statusCode).to.equal(403) |
160 | }) | 168 | }) |
@@ -162,22 +170,24 @@ describe('Test ActivityPub security', function () { | |||
162 | it('Should succeed with a valid signature', async function () { | 170 | it('Should succeed with a valid signature', async function () { |
163 | this.timeout(10000) | 171 | this.timeout(10000) |
164 | 172 | ||
165 | const body = require('./json/peertube/announce-without-context.json') | 173 | const body = getAnnounceWithoutContext(servers[1]) |
166 | body.actor = 'http://localhost:9003/accounts/peertube' | 174 | body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube' |
167 | 175 | ||
168 | const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:9003/accounts/peertube' } | 176 | const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' } |
169 | const signedBody = await buildSignedActivity(signer, body) | 177 | const signedBody = await buildSignedActivity(signer, body) |
170 | 178 | ||
171 | const headers = buildGlobalHeaders(signedBody) | 179 | const headers = buildGlobalHeaders(signedBody) |
172 | 180 | ||
173 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) | 181 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) |
174 | 182 | ||
175 | expect(response.statusCode).to.equal(204) | 183 | expect(response.statusCode).to.equal(204) |
176 | }) | 184 | }) |
177 | }) | 185 | }) |
178 | 186 | ||
179 | after(async function () { | 187 | after(async function () { |
180 | killallServers(servers) | 188 | this.timeout(10000) |
189 | |||
190 | await cleanupTests(servers) | ||
181 | 191 | ||
182 | await closeAllSequelize(servers) | 192 | await closeAllSequelize(servers) |
183 | }) | 193 | }) |
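Review bot: In 'Should fail with an altered body' (new lines 152-153) both calls are `setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey)`, whereas the old code updated server 1 and then server 3, and the sibling 'Should fail with bad keys' test passes `servers[0]` and then `servers[2]` as the first argument. As written, the valid key pair is never written back on servers[2] after the preceding test stored `invalidKeys` there, and the following 'Should succeed with a valid signature' test sets no keys of its own. Whether that changes either result depends on whether servers[0] re-fetches the actor, which is not visible in this diff. The second call should presumably read `await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey)`, so that the altered `actor` is the only invalid input when the 403 is asserted.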