Diffstat (limited to 'server/tests/api/activitypub/security.ts')
-rw-r--r-- | server/tests/api/activitypub/security.ts | 58 |
1 files changed, 32 insertions, 26 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts index c6f171633..d6a07b87f 100644 --- a/server/tests/api/activitypub/security.ts +++ b/server/tests/api/activitypub/security.ts | |||
@@ -5,26 +5,26 @@ import { buildDigest } from '@server/helpers/peertube-crypto' | |||
5 | import { ACTIVITY_PUB, HTTP_SIGNATURE } from '@server/initializers/constants' | 5 | import { ACTIVITY_PUB, HTTP_SIGNATURE } from '@server/initializers/constants' |
6 | import { activityPubContextify } from '@server/lib/activitypub/context' | 6 | import { activityPubContextify } from '@server/lib/activitypub/context' |
7 | import { buildGlobalHeaders, signAndContextify } from '@server/lib/activitypub/send' | 7 | import { buildGlobalHeaders, signAndContextify } from '@server/lib/activitypub/send' |
8 | import { makePOSTAPRequest } from '@server/tests/shared' | 8 | import { makePOSTAPRequest, SQLCommand } from '@server/tests/shared' |
9 | import { buildAbsoluteFixturePath, wait } from '@shared/core-utils' | 9 | import { buildAbsoluteFixturePath, wait } from '@shared/core-utils' |
10 | import { HttpStatusCode } from '@shared/models' | 10 | import { HttpStatusCode } from '@shared/models' |
11 | import { cleanupTests, createMultipleServers, killallServers, PeerTubeServer } from '@shared/server-commands' | 11 | import { cleanupTests, createMultipleServers, killallServers, PeerTubeServer } from '@shared/server-commands' |
12 | 12 | ||
13 | function setKeysOfServer (onServer: PeerTubeServer, ofServer: PeerTubeServer, publicKey: string, privateKey: string) { | 13 | function setKeysOfServer (onServer: SQLCommand, ofServerUrl: string, publicKey: string, privateKey: string) { |
14 | const url = ofServer.url + '/accounts/peertube' | 14 | const url = ofServerUrl + '/accounts/peertube' |
15 | 15 | ||
16 | return Promise.all([ | 16 | return Promise.all([ |
17 | onServer.sql.setActorField(url, 'publicKey', publicKey), | 17 | onServer.setActorField(url, 'publicKey', publicKey), |
18 | onServer.sql.setActorField(url, 'privateKey', privateKey) | 18 | onServer.setActorField(url, 'privateKey', privateKey) |
19 | ]) | 19 | ]) |
20 | } | 20 | } |
21 | 21 | ||
22 | function setUpdatedAtOfServer (onServer: PeerTubeServer, ofServer: PeerTubeServer, updatedAt: string) { | 22 | function setUpdatedAtOfServer (onServer: SQLCommand, ofServerUrl: string, updatedAt: string) { |
23 | const url = ofServer.url + '/accounts/peertube' | 23 | const url = ofServerUrl + '/accounts/peertube' |
24 | 24 | ||
25 | return Promise.all([ | 25 | return Promise.all([ |
26 | onServer.sql.setActorField(url, 'createdAt', updatedAt), | 26 | onServer.setActorField(url, 'createdAt', updatedAt), |
27 | onServer.sql.setActorField(url, 'updatedAt', updatedAt) | 27 | onServer.setActorField(url, 'updatedAt', updatedAt) |
28 | ]) | 28 | ]) |
29 | } | 29 | } |
30 | 30 | ||
@@ -71,6 +71,8 @@ async function makeFollowRequest (to: { url: string }, by: { url: string, privat | |||
71 | 71 | ||
72 | describe('Test ActivityPub security', function () { | 72 | describe('Test ActivityPub security', function () { |
73 | let servers: PeerTubeServer[] | 73 | let servers: PeerTubeServer[] |
74 | let sqlCommands: SQLCommand[] | ||
75 | |||
74 | let url: string | 76 | let url: string |
75 | 77 | ||
76 | const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json')) | 78 | const keys = require(buildAbsoluteFixturePath('./ap-json/peertube/keys.json')) |
@@ -90,10 +92,12 @@ describe('Test ActivityPub security', function () { | |||
90 | 92 | ||
91 | servers = await createMultipleServers(3) | 93 | servers = await createMultipleServers(3) |
92 | 94 | ||
95 | sqlCommands = servers.map(s => new SQLCommand(s)) | ||
96 | |||
93 | url = servers[0].url + '/inbox' | 97 | url = servers[0].url + '/inbox' |
94 | 98 | ||
95 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, null) | 99 | await setKeysOfServer(sqlCommands[0], servers[1].url, keys.publicKey, null) |
96 | await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) | 100 | await setKeysOfServer(sqlCommands[1], servers[1].url, keys.publicKey, keys.privateKey) |
97 | 101 | ||
98 | const to = { url: servers[0].url + '/accounts/peertube' } | 102 | const to = { url: servers[0].url + '/accounts/peertube' } |
99 | const by = { url: servers[1].url + '/accounts/peertube', privateKey: keys.privateKey } | 103 | const by = { url: servers[1].url + '/accounts/peertube', privateKey: keys.privateKey } |
@@ -130,8 +134,8 @@ describe('Test ActivityPub security', function () { | |||
130 | }) | 134 | }) |
131 | 135 | ||
132 | it('Should fail with bad keys', async function () { | 136 | it('Should fail with bad keys', async function () { |
133 | await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) | 137 | await setKeysOfServer(sqlCommands[0], servers[1].url, invalidKeys.publicKey, invalidKeys.privateKey) |
134 | await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) | 138 | await setKeysOfServer(sqlCommands[1], servers[1].url, invalidKeys.publicKey, invalidKeys.privateKey) |
135 | 139 | ||
136 | const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') | 140 | const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') |
137 | const headers = buildGlobalHeaders(body) | 141 | const headers = buildGlobalHeaders(body) |
@@ -145,8 +149,8 @@ describe('Test ActivityPub security', function () { | |||
145 | }) | 149 | }) |
146 | 150 | ||
147 | it('Should reject requests without appropriate signed headers', async function () { | 151 | it('Should reject requests without appropriate signed headers', async function () { |
148 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) | 152 | await setKeysOfServer(sqlCommands[0], servers[1].url, keys.publicKey, keys.privateKey) |
149 | await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) | 153 | await setKeysOfServer(sqlCommands[1], servers[1].url, keys.publicKey, keys.privateKey) |
150 | 154 | ||
151 | const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') | 155 | const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') |
152 | const headers = buildGlobalHeaders(body) | 156 | const headers = buildGlobalHeaders(body) |
@@ -194,8 +198,8 @@ describe('Test ActivityPub security', function () { | |||
194 | 198 | ||
195 | // Update keys of server 2 to invalid keys | 199 | // Update keys of server 2 to invalid keys |
196 | // Server 1 should refresh the actor and fail | 200 | // Server 1 should refresh the actor and fail |
197 | await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) | 201 | await setKeysOfServer(sqlCommands[1], servers[1].url, invalidKeys.publicKey, invalidKeys.privateKey) |
198 | await setUpdatedAtOfServer(servers[0], servers[1], '2015-07-17 22:00:00+00') | 202 | await setUpdatedAtOfServer(sqlCommands[0], servers[1].url, '2015-07-17 22:00:00+00') |
199 | 203 | ||
200 | // Invalid peertube actor cache | 204 | // Invalid peertube actor cache |
201 | await killallServers([ servers[1] ]) | 205 | await killallServers([ servers[1] ]) |
@@ -218,9 +222,9 @@ describe('Test ActivityPub security', function () { | |||
218 | before(async function () { | 222 | before(async function () { |
219 | this.timeout(10000) | 223 | this.timeout(10000) |
220 | 224 | ||
221 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) | 225 | await setKeysOfServer(sqlCommands[0], servers[1].url, keys.publicKey, keys.privateKey) |
222 | await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) | 226 | await setKeysOfServer(sqlCommands[1], servers[1].url, keys.publicKey, keys.privateKey) |
223 | await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey) | 227 | await setKeysOfServer(sqlCommands[2], servers[2].url, keys.publicKey, keys.privateKey) |
224 | 228 | ||
225 | const to = { url: servers[0].url + '/accounts/peertube' } | 229 | const to = { url: servers[0].url + '/accounts/peertube' } |
226 | const by = { url: servers[2].url + '/accounts/peertube', privateKey: keys.privateKey } | 230 | const by = { url: servers[2].url + '/accounts/peertube', privateKey: keys.privateKey } |
@@ -230,8 +234,8 @@ describe('Test ActivityPub security', function () { | |||
230 | it('Should fail with bad keys', async function () { | 234 | it('Should fail with bad keys', async function () { |
231 | this.timeout(10000) | 235 | this.timeout(10000) |
232 | 236 | ||
233 | await setKeysOfServer(servers[0], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) | 237 | await setKeysOfServer(sqlCommands[0], servers[2].url, invalidKeys.publicKey, invalidKeys.privateKey) |
234 | await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) | 238 | await setKeysOfServer(sqlCommands[2], servers[2].url, invalidKeys.publicKey, invalidKeys.privateKey) |
235 | 239 | ||
236 | const body = getAnnounceWithoutContext(servers[1]) | 240 | const body = getAnnounceWithoutContext(servers[1]) |
237 | body.actor = servers[2].url + '/accounts/peertube' | 241 | body.actor = servers[2].url + '/accounts/peertube' |
@@ -252,8 +256,8 @@ describe('Test ActivityPub security', function () { | |||
252 | it('Should fail with an altered body', async function () { | 256 | it('Should fail with an altered body', async function () { |
253 | this.timeout(10000) | 257 | this.timeout(10000) |
254 | 258 | ||
255 | await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey) | 259 | await setKeysOfServer(sqlCommands[0], servers[2].url, keys.publicKey, keys.privateKey) |
256 | await setKeysOfServer(servers[0], servers[2], keys.publicKey, keys.privateKey) | 260 | await setKeysOfServer(sqlCommands[0], servers[2].url, keys.publicKey, keys.privateKey) |
257 | 261 | ||
258 | const body = getAnnounceWithoutContext(servers[1]) | 262 | const body = getAnnounceWithoutContext(servers[1]) |
259 | body.actor = servers[2].url + '/accounts/peertube' | 263 | body.actor = servers[2].url + '/accounts/peertube' |
@@ -296,7 +300,7 @@ describe('Test ActivityPub security', function () { | |||
296 | 300 | ||
297 | // Update keys of server 3 to invalid keys | 301 | // Update keys of server 3 to invalid keys |
298 | // Server 1 should refresh the actor and fail | 302 | // Server 1 should refresh the actor and fail |
299 | await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) | 303 | await setKeysOfServer(sqlCommands[2], servers[2].url, invalidKeys.publicKey, invalidKeys.privateKey) |
300 | 304 | ||
301 | const body = getAnnounceWithoutContext(servers[1]) | 305 | const body = getAnnounceWithoutContext(servers[1]) |
302 | body.actor = servers[2].url + '/accounts/peertube' | 306 | body.actor = servers[2].url + '/accounts/peertube' |
@@ -316,7 +320,9 @@ describe('Test ActivityPub security', function () { | |||
316 | }) | 320 | }) |
317 | 321 | ||
318 | after(async function () { | 322 | after(async function () { |
319 | this.timeout(10000) | 323 | for (const sql of sqlCommands) { |
324 | await sql.cleanup() | ||
325 | } | ||
320 | 326 | ||
321 | await cleanupTests(servers) | 327 | await cleanupTests(servers) |
322 | }) | 328 | }) |
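Review bot: In 'Should fail with an altered body' (new lines 259-260) the two `setKeysOfServer` calls are identical, both writing to `sqlCommands[0]`, so server 3's own actor row is never reset. Every sibling test updates both the receiving server and the signing server, and the preceding 'Should fail with bad keys' test leaves `invalidKeys` on `sqlCommands[2]`. The rejection asserted here may therefore come from a key mismatch rather than from the altered body, which would leave the body-integrity check unexercised; the rest of the test body is outside the hunk, so this is inferred from the visible setup. The second call probably should be `await setKeysOfServer(sqlCommands[2], servers[2].url, keys.publicKey, keys.privateKey)`. The duplicate was carried over unchanged from the old code, so this refactor is a good place to fix it.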