diff options
Diffstat (limited to 'server/tests/api/activitypub/security.ts')
| -rw-r--r-- | server/tests/api/activitypub/security.ts | 58 |
1 files changed, 32 insertions, 26 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts index c6f171633..d6a07b87f 100644 --- a/server/tests/api/activitypub/security.ts +++ b/server/tests/api/activitypub/security.ts | |||
| @@ -5,26 +5,26 @@ import { buildDigest } from '@server/helpers/peertube-crypto' | |||
| 5 | import { ACTIVITY_PUB, HTTP_SIGNATURE } from '@server/initializers/constants' | 5 | import { ACTIVITY_PUB, HTTP_SIGNATURE } from '@server/initializers/constants' |
| 6 | import { activityPubContextify } from '@server/lib/activitypub/context' | 6 | import { activityPubContextify } from '@server/lib/activitypub/context' |
| 7 | import { buildGlobalHeaders, signAndContextify } from '@server/lib/activitypub/send' | 7 | import { buildGlobalHeaders, signAndContextify } from '@server/lib/activitypub/send' |
| 8 | import { makePOSTAPRequest } from '@server/tests/shared' | 8 | import { makePOSTAPRequest, SQLCommand } from '@server/tests/shared' |
| 9 | import { buildAbsoluteFixturePath, wait } from '@shared/core-utils' | 9 | import { buildAbsoluteFixturePath, wait } from '@shared/core-utils' |
| 10 | import { HttpStatusCode } from '@shared/models' | 10 | import { HttpStatusCode } from '@shared/models' |
| 11 | import { cleanupTests, createMultipleServers, killallServers, PeerTubeServer } from '@shared/server-commands' | 11 | import { cleanupTests, createMultipleServers, killallServers, PeerTubeServer } from '@shared/server-commands' |
| 12 | 12 | ||
| 13 | function setKeysOfServer (onServer: PeerTubeServer, ofServer: PeerTubeServer, publicKey: string, privateKey: string) { | 13 | function setKeysOfServer (onServer: SQLCommand, ofServerUrl: string, publicKey: string, privateKey: string) { |
| 14 | const url = ofServer.url + '/accounts/peertube' | 14 | const url = ofServerUrl + '/accounts/peertube' |
| 15 | 15 | ||
| 16 | return Promise.all([ | 16 | return Promise.all([ |
| 17 | onServer.sql.setActorField(url, 'publicKey', publicKey), | 17 | onServer.setActorField(url, 'publicKey', publicKey), |
| 18 | onServer.sql.setActorField(url, 'privateKey', privateKey) | 18 | onServer.setActorField(url, 'privateKey', privateKey) |
| 19 | ]) | 19 | ]) |
| 20 | } | 20 | } |
| 21 | 21 | ||
| 22 | function setUpdatedAtOfServer (onServer: PeerTubeServer, ofServer: PeerTubeServer, updatedAt: string) { | 22 | function setUpdatedAtOfServer (onServer: SQLCommand, ofServerUrl: string, updatedAt: string) { |
| 23 | const url = ofServer.url + '/accounts/peertube' | 23 | const url = ofServerUrl + '/accounts/peertube' |
| 24 | 24 | ||
| 25 | return Promise.all([ | 25 | return Promise.all([ |
| 26 | onServer.sql.setActorField(url, 'createdAt', updatedAt), | 26 | onServer.setActorField(url, 'createdAt', updatedAt), |
| 27 | onServer.sql.setActorField(url, 'updatedAt', updatedAt) | 27 | onServer.setActorField(url, 'updatedAt', updatedAt) |
| 28 | ]) | 28 | ]) |
| 29 | } | 29 | } |
| 30 | 30 | ||
| @@ -71,6 +71,8 @@ async function makeFollowRequest (to: { url: string }, by: { url: string, privat | |||
| 71 | 71 | ||
| 72 | describe('Test ActivityPub security', function () { | 72 | describe('Test ActivityPub security', function () { |
| 73 | let servers: PeerTubeServer[] | 73 | let servers: PeerTubeServer[] |
| 74 | let sqlCommands: SQLCommand[] | ||
| 75 | |||
| 74 | let url: string | 76 | let url: string |
| 75 | 77 | ||
| 76 | const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json')) | 78 | const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json')) |
| @@ -90,10 +92,12 @@ describe('Test ActivityPub security', function () { | |||
| 90 | 92 | ||
| 91 | servers = await createMultipleServers(3) | 93 | servers = await createMultipleServers(3) |
| 92 | 94 | ||
| 95 | sqlCommands = servers.map(s => new SQLCommand(s)) | ||
| 96 | |||
| 93 | url = servers[0].url + '/inbox' | 97 | url = servers[0].url + '/inbox' |
| 94 | 98 | ||
| 95 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, null) | 99 | await setKeysOfServer(sqlCommands[0], servers[1].url, keys.publicKey, null) |
| 96 | await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) | 100 | await setKeysOfServer(sqlCommands[1], servers[1].url, keys.publicKey, keys.privateKey) |
| 97 | 101 | ||
| 98 | const to = { url: servers[0].url + '/accounts/peertube' } | 102 | const to = { url: servers[0].url + '/accounts/peertube' } |
| 99 | const by = { url: servers[1].url + '/accounts/peertube', privateKey: keys.privateKey } | 103 | const by = { url: servers[1].url + '/accounts/peertube', privateKey: keys.privateKey } |
| @@ -130,8 +134,8 @@ describe('Test ActivityPub security', function () { | |||
| 130 | }) | 134 | }) |
| 131 | 135 | ||
| 132 | it('Should fail with bad keys', async function () { | 136 | it('Should fail with bad keys', async function () { |
| 133 | await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) | 137 | await setKeysOfServer(sqlCommands[0], servers[1].url, invalidKeys.publicKey, invalidKeys.privateKey) |
| 134 | await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) | 138 | await setKeysOfServer(sqlCommands[1], servers[1].url, invalidKeys.publicKey, invalidKeys.privateKey) |
| 135 | 139 | ||
| 136 | const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') | 140 | const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') |
| 137 | const headers = buildGlobalHeaders(body) | 141 | const headers = buildGlobalHeaders(body) |
| @@ -145,8 +149,8 @@ describe('Test ActivityPub security', function () { | |||
| 145 | }) | 149 | }) |
| 146 | 150 | ||
| 147 | it('Should reject requests without appropriate signed headers', async function () { | 151 | it('Should reject requests without appropriate signed headers', async function () { |
| 148 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) | 152 | await setKeysOfServer(sqlCommands[0], servers[1].url, keys.publicKey, keys.privateKey) |
| 149 | await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) | 153 | await setKeysOfServer(sqlCommands[1], servers[1].url, keys.publicKey, keys.privateKey) |
| 150 | 154 | ||
| 151 | const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') | 155 | const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') |
| 152 | const headers = buildGlobalHeaders(body) | 156 | const headers = buildGlobalHeaders(body) |
| @@ -194,8 +198,8 @@ describe('Test ActivityPub security', function () { | |||
| 194 | 198 | ||
| 195 | // Update keys of server 2 to invalid keys | 199 | // Update keys of server 2 to invalid keys |
| 196 | // Server 1 should refresh the actor and fail | 200 | // Server 1 should refresh the actor and fail |
| 197 | await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) | 201 | await setKeysOfServer(sqlCommands[1], servers[1].url, invalidKeys.publicKey, invalidKeys.privateKey) |
| 198 | await setUpdatedAtOfServer(servers[0], servers[1], '2015-07-17 22:00:00+00') | 202 | await setUpdatedAtOfServer(sqlCommands[0], servers[1].url, '2015-07-17 22:00:00+00') |
| 199 | 203 | ||
| 200 | // Invalid peertube actor cache | 204 | // Invalid peertube actor cache |
| 201 | await killallServers([ servers[1] ]) | 205 | await killallServers([ servers[1] ]) |
| @@ -218,9 +222,9 @@ describe('Test ActivityPub security', function () { | |||
| 218 | before(async function () { | 222 | before(async function () { |
| 219 | this.timeout(10000) | 223 | this.timeout(10000) |
| 220 | 224 | ||
| 221 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) | 225 | await setKeysOfServer(sqlCommands[0], servers[1].url, keys.publicKey, keys.privateKey) |
| 222 | await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) | 226 | await setKeysOfServer(sqlCommands[1], servers[1].url, keys.publicKey, keys.privateKey) |
| 223 | await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey) | 227 | await setKeysOfServer(sqlCommands[2], servers[2].url, keys.publicKey, keys.privateKey) |
| 224 | 228 | ||
| 225 | const to = { url: servers[0].url + '/accounts/peertube' } | 229 | const to = { url: servers[0].url + '/accounts/peertube' } |
| 226 | const by = { url: servers[2].url + '/accounts/peertube', privateKey: keys.privateKey } | 230 | const by = { url: servers[2].url + '/accounts/peertube', privateKey: keys.privateKey } |
| @@ -230,8 +234,8 @@ describe('Test ActivityPub security', function () { | |||
| 230 | it('Should fail with bad keys', async function () { | 234 | it('Should fail with bad keys', async function () { |
| 231 | this.timeout(10000) | 235 | this.timeout(10000) |
| 232 | 236 | ||
| 233 | await setKeysOfServer(servers[0], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) | 237 | await setKeysOfServer(sqlCommands[0], servers[2].url, invalidKeys.publicKey, invalidKeys.privateKey) |
| 234 | await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) | 238 | await setKeysOfServer(sqlCommands[2], servers[2].url, invalidKeys.publicKey, invalidKeys.privateKey) |
| 235 | 239 | ||
| 236 | const body = getAnnounceWithoutContext(servers[1]) | 240 | const body = getAnnounceWithoutContext(servers[1]) |
| 237 | body.actor = servers[2].url + '/accounts/peertube' | 241 | body.actor = servers[2].url + '/accounts/peertube' |
| @@ -252,8 +256,8 @@ describe('Test ActivityPub security', function () { | |||
| 252 | it('Should fail with an altered body', async function () { | 256 | it('Should fail with an altered body', async function () { |
| 253 | this.timeout(10000) | 257 | this.timeout(10000) |
| 254 | 258 | ||
| 255 | await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey) | 259 | await setKeysOfServer(sqlCommands[0], servers[2].url, keys.publicKey, keys.privateKey) |
| 256 | await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey) | 260 | await setKeysOfServer(sqlCommands[0], servers[2].url, keys.publicKey, keys.privateKey) |
| 257 | 261 | ||
| 258 | const body = getAnnounceWithoutContext(servers[1]) | 262 | const body = getAnnounceWithoutContext(servers[1]) |
| 259 | body.actor = servers[2].url + '/accounts/peertube' | 263 | body.actor = servers[2].url + '/accounts/peertube' |
| @@ -296,7 +300,7 @@ describe('Test ActivityPub security', function () { | |||
| 296 | 300 | ||
| 297 | // Update keys of server 3 to invalid keys | 301 | // Update keys of server 3 to invalid keys |
| 298 | // Server 1 should refresh the actor and fail | 302 | // Server 1 should refresh the actor and fail |
| 299 | await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) | 303 | await setKeysOfServer(sqlCommands[2], servers[2].url, invalidKeys.publicKey, invalidKeys.privateKey) |
| 300 | 304 | ||
| 301 | const body = getAnnounceWithoutContext(servers[1]) | 305 | const body = getAnnounceWithoutContext(servers[1]) |
| 302 | body.actor = servers[2].url + '/accounts/peertube' | 306 | body.actor = servers[2].url + '/accounts/peertube' |
| @@ -316,7 +320,9 @@ describe('Test ActivityPub security', function () { | |||
| 316 | }) | 320 | }) |
| 317 | 321 | ||
| 318 | after(async function () { | 322 | after(async function () { |
| 319 | this.timeout(10000) | 323 | for (const sql of sqlCommands) { |
| 324 | await sql.cleanup() | ||
| 325 | } | ||
| 320 | 326 | ||
| 321 | await cleanupTests(servers) | 327 | await cleanupTests(servers) |
| 322 | }) | 328 | }) |