diff options
Diffstat (limited to 'server/tests/api/activitypub')
16 files changed, 1091 insertions, 0 deletions
diff --git a/server/tests/api/activitypub/client.ts b/server/tests/api/activitypub/client.ts new file mode 100644 index 000000000..6d90d8643 --- /dev/null +++ b/server/tests/api/activitypub/client.ts | |||
@@ -0,0 +1,67 @@ | |||
1 | /* tslint:disable:no-unused-expression */ | ||
2 | |||
3 | import * as chai from 'chai' | ||
4 | import 'mocha' | ||
5 | import { | ||
6 | doubleFollow, | ||
7 | flushAndRunMultipleServers, | ||
8 | flushTests, | ||
9 | killallServers, | ||
10 | makeActivityPubGetRequest, | ||
11 | ServerInfo, | ||
12 | setAccessTokensToServers, | ||
13 | uploadVideo | ||
14 | } from '../../../../shared/utils' | ||
15 | |||
16 | const expect = chai.expect | ||
17 | |||
18 | describe('Test activitypub', function () { | ||
19 | let servers: ServerInfo[] = [] | ||
20 | let videoUUID: string | ||
21 | |||
22 | before(async function () { | ||
23 | this.timeout(30000) | ||
24 | |||
25 | await flushTests() | ||
26 | |||
27 | servers = await flushAndRunMultipleServers(2) | ||
28 | |||
29 | await setAccessTokensToServers(servers) | ||
30 | |||
31 | { | ||
32 | const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video' }) | ||
33 | videoUUID = res.body.video.uuid | ||
34 | } | ||
35 | |||
36 | await doubleFollow(servers[0], servers[1]) | ||
37 | }) | ||
38 | |||
39 | it('Should return the account object', async function () { | ||
40 | const res = await makeActivityPubGetRequest(servers[0].url, '/accounts/root') | ||
41 | const object = res.body | ||
42 | |||
43 | expect(object.type).to.equal('Person') | ||
44 | expect(object.id).to.equal('http://localhost:9001/accounts/root') | ||
45 | expect(object.name).to.equal('root') | ||
46 | expect(object.preferredUsername).to.equal('root') | ||
47 | }) | ||
48 | |||
49 | it('Should return the video object', async function () { | ||
50 | const res = await makeActivityPubGetRequest(servers[0].url, '/videos/watch/' + videoUUID) | ||
51 | const object = res.body | ||
52 | |||
53 | expect(object.type).to.equal('Video') | ||
54 | expect(object.id).to.equal('http://localhost:9001/videos/watch/' + videoUUID) | ||
55 | expect(object.name).to.equal('video') | ||
56 | }) | ||
57 | |||
58 | it('Should redirect to the origin video object', async function () { | ||
59 | const res = await makeActivityPubGetRequest(servers[1].url, '/videos/watch/' + videoUUID, 302) | ||
60 | |||
61 | expect(res.header.location).to.equal('http://localhost:9001/videos/watch/' + videoUUID) | ||
62 | }) | ||
63 | |||
64 | after(async function () { | ||
65 | killallServers(servers) | ||
66 | }) | ||
67 | }) | ||
diff --git a/server/tests/api/activitypub/fetch.ts b/server/tests/api/activitypub/fetch.ts new file mode 100644 index 000000000..03609c1a9 --- /dev/null +++ b/server/tests/api/activitypub/fetch.ts | |||
@@ -0,0 +1,87 @@ | |||
1 | /* tslint:disable:no-unused-expression */ | ||
2 | |||
3 | import 'mocha' | ||
4 | |||
5 | import { | ||
6 | createUser, | ||
7 | doubleFollow, | ||
8 | flushAndRunMultipleServers, | ||
9 | flushTests, | ||
10 | getVideosListSort, | ||
11 | killallServers, | ||
12 | ServerInfo, | ||
13 | setAccessTokensToServers, | ||
14 | setActorField, | ||
15 | setVideoField, | ||
16 | uploadVideo, | ||
17 | userLogin, | ||
18 | waitJobs | ||
19 | } from '../../../../shared/utils' | ||
20 | import * as chai from 'chai' | ||
21 | import { Video } from '../../../../shared/models/videos' | ||
22 | |||
23 | const expect = chai.expect | ||
24 | |||
25 | describe('Test ActivityPub fetcher', function () { | ||
26 | let servers: ServerInfo[] | ||
27 | |||
28 | // --------------------------------------------------------------- | ||
29 | |||
30 | before(async function () { | ||
31 | this.timeout(60000) | ||
32 | |||
33 | servers = await flushAndRunMultipleServers(3) | ||
34 | |||
35 | // Get the access tokens | ||
36 | await setAccessTokensToServers(servers) | ||
37 | |||
38 | const user = { username: 'user1', password: 'password' } | ||
39 | for (const server of servers) { | ||
40 | await createUser(server.url, server.accessToken, user.username, user.password) | ||
41 | } | ||
42 | |||
43 | const userAccessToken = await userLogin(servers[0], user) | ||
44 | |||
45 | await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'video root' }) | ||
46 | const res = await uploadVideo(servers[0].url, servers[0].accessToken, { name: 'bad video root' }) | ||
47 | const badVideoUUID = res.body.video.uuid | ||
48 | await uploadVideo(servers[0].url, userAccessToken, { name: 'video user' }) | ||
49 | |||
50 | await setActorField(1, 'http://localhost:9001/accounts/user1', 'url', 'http://localhost:9002/accounts/user1') | ||
51 | await setVideoField(1, badVideoUUID, 'url', 'http://localhost:9003/videos/watch/' + badVideoUUID) | ||
52 | }) | ||
53 | |||
54 | it('Should add only the video with a valid actor URL', async function () { | ||
55 | this.timeout(60000) | ||
56 | |||
57 | await doubleFollow(servers[0], servers[1]) | ||
58 | await waitJobs(servers) | ||
59 | |||
60 | { | ||
61 | const res = await getVideosListSort(servers[0].url, 'createdAt') | ||
62 | expect(res.body.total).to.equal(3) | ||
63 | |||
64 | const data: Video[] = res.body.data | ||
65 | expect(data[0].name).to.equal('video root') | ||
66 | expect(data[1].name).to.equal('bad video root') | ||
67 | expect(data[2].name).to.equal('video user') | ||
68 | } | ||
69 | |||
70 | { | ||
71 | const res = await getVideosListSort(servers[1].url, 'createdAt') | ||
72 | expect(res.body.total).to.equal(1) | ||
73 | |||
74 | const data: Video[] = res.body.data | ||
75 | expect(data[0].name).to.equal('video root') | ||
76 | } | ||
77 | }) | ||
78 | |||
79 | after(async function () { | ||
80 | killallServers(servers) | ||
81 | |||
82 | // Keep the logs if the test failed | ||
83 | if (this['ok']) { | ||
84 | await flushTests() | ||
85 | } | ||
86 | }) | ||
87 | }) | ||
diff --git a/server/tests/api/activitypub/helpers.ts b/server/tests/api/activitypub/helpers.ts new file mode 100644 index 000000000..ac6e755c3 --- /dev/null +++ b/server/tests/api/activitypub/helpers.ts | |||
@@ -0,0 +1,182 @@ | |||
1 | /* tslint:disable:no-unused-expression */ | ||
2 | |||
3 | import 'mocha' | ||
4 | import { expect } from 'chai' | ||
5 | import { buildRequestStub } from '../../../../shared/utils/miscs/stubs' | ||
6 | import { isHTTPSignatureVerified, isJsonLDSignatureVerified, parseHTTPSignature } from '../../../helpers/peertube-crypto' | ||
7 | import { cloneDeep } from 'lodash' | ||
8 | import { buildSignedActivity } from '../../../helpers/activitypub' | ||
9 | |||
10 | describe('Test activity pub helpers', function () { | ||
11 | describe('When checking the Linked Signature', function () { | ||
12 | |||
13 | it('Should fail with an invalid Mastodon signature', async function () { | ||
14 | const body = require('./json/mastodon/create-bad-signature.json') | ||
15 | const publicKey = require('./json/mastodon/public-key.json').publicKey | ||
16 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } | ||
17 | |||
18 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | ||
19 | |||
20 | expect(result).to.be.false | ||
21 | }) | ||
22 | |||
23 | it('Should fail with an invalid public key', async function () { | ||
24 | const body = require('./json/mastodon/create.json') | ||
25 | const publicKey = require('./json/mastodon/bad-public-key.json').publicKey | ||
26 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } | ||
27 | |||
28 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | ||
29 | |||
30 | expect(result).to.be.false | ||
31 | }) | ||
32 | |||
33 | it('Should succeed with a valid Mastodon signature', async function () { | ||
34 | const body = require('./json/mastodon/create.json') | ||
35 | const publicKey = require('./json/mastodon/public-key.json').publicKey | ||
36 | const fromActor = { publicKey, url: 'http://localhost:9002/accounts/peertube' } | ||
37 | |||
38 | const result = await isJsonLDSignatureVerified(fromActor as any, body) | ||
39 | |||
40 | expect(result).to.be.true | ||
41 | }) | ||
42 | |||
43 | it('Should fail with an invalid PeerTube signature', async function () { | ||
44 | const keys = require('./json/peertube/invalid-keys.json') | ||
45 | const body = require('./json/peertube/announce-without-context.json') | ||
46 | |||
47 | const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | ||
48 | const signedBody = await buildSignedActivity(actorSignature as any, body) | ||
49 | |||
50 | const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' } | ||
51 | const result = await isJsonLDSignatureVerified(fromActor as any, signedBody) | ||
52 | |||
53 | expect(result).to.be.false | ||
54 | }) | ||
55 | |||
56 | it('Should fail with an invalid PeerTube URL', async function () { | ||
57 | const keys = require('./json/peertube/keys.json') | ||
58 | const body = require('./json/peertube/announce-without-context.json') | ||
59 | |||
60 | const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | ||
61 | const signedBody = await buildSignedActivity(actorSignature as any, body) | ||
62 | |||
63 | const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9003/accounts/peertube' } | ||
64 | const result = await isJsonLDSignatureVerified(fromActor as any, signedBody) | ||
65 | |||
66 | expect(result).to.be.false | ||
67 | }) | ||
68 | |||
69 | it('Should succeed with a valid PeerTube signature', async function () { | ||
70 | const keys = require('./json/peertube/keys.json') | ||
71 | const body = require('./json/peertube/announce-without-context.json') | ||
72 | |||
73 | const actorSignature = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | ||
74 | const signedBody = await buildSignedActivity(actorSignature as any, body) | ||
75 | |||
76 | const fromActor = { publicKey: keys.publicKey, url: 'http://localhost:9002/accounts/peertube' } | ||
77 | const result = await isJsonLDSignatureVerified(fromActor as any, signedBody) | ||
78 | |||
79 | expect(result).to.be.true | ||
80 | }) | ||
81 | }) | ||
82 | |||
83 | describe('When checking HTTP signature', function () { | ||
84 | it('Should fail with an invalid http signature', async function () { | ||
85 | const req = buildRequestStub() | ||
86 | req.method = 'POST' | ||
87 | req.url = '/accounts/ronan/inbox' | ||
88 | |||
89 | const mastodonObject = cloneDeep(require('./json/mastodon/bad-http-signature.json')) | ||
90 | req.body = mastodonObject.body | ||
91 | req.headers = mastodonObject.headers | ||
92 | req.headers.signature = 'Signature ' + req.headers.signature | ||
93 | |||
94 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) | ||
95 | const publicKey = require('./json/mastodon/public-key.json').publicKey | ||
96 | |||
97 | const actor = { publicKey } | ||
98 | const verified = isHTTPSignatureVerified(parsed, actor as any) | ||
99 | |||
100 | expect(verified).to.be.false | ||
101 | }) | ||
102 | |||
103 | it('Should fail with an invalid public key', async function () { | ||
104 | const req = buildRequestStub() | ||
105 | req.method = 'POST' | ||
106 | req.url = '/accounts/ronan/inbox' | ||
107 | |||
108 | const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json')) | ||
109 | req.body = mastodonObject.body | ||
110 | req.headers = mastodonObject.headers | ||
111 | req.headers.signature = 'Signature ' + req.headers.signature | ||
112 | |||
113 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) | ||
114 | const publicKey = require('./json/mastodon/bad-public-key.json').publicKey | ||
115 | |||
116 | const actor = { publicKey } | ||
117 | const verified = isHTTPSignatureVerified(parsed, actor as any) | ||
118 | |||
119 | expect(verified).to.be.false | ||
120 | }) | ||
121 | |||
122 | it('Should fail because of clock skew', async function () { | ||
123 | const req = buildRequestStub() | ||
124 | req.method = 'POST' | ||
125 | req.url = '/accounts/ronan/inbox' | ||
126 | |||
127 | const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json')) | ||
128 | req.body = mastodonObject.body | ||
129 | req.headers = mastodonObject.headers | ||
130 | req.headers.signature = 'Signature ' + req.headers.signature | ||
131 | |||
132 | let errored = false | ||
133 | try { | ||
134 | parseHTTPSignature(req) | ||
135 | } catch { | ||
136 | errored = true | ||
137 | } | ||
138 | |||
139 | expect(errored).to.be.true | ||
140 | }) | ||
141 | |||
142 | it('Should fail without scheme', async function () { | ||
143 | const req = buildRequestStub() | ||
144 | req.method = 'POST' | ||
145 | req.url = '/accounts/ronan/inbox' | ||
146 | |||
147 | const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json')) | ||
148 | req.body = mastodonObject.body | ||
149 | req.headers = mastodonObject.headers | ||
150 | |||
151 | let errored = false | ||
152 | try { | ||
153 | parseHTTPSignature(req, 3600 * 1000 * 365 * 10) | ||
154 | } catch { | ||
155 | errored = true | ||
156 | } | ||
157 | |||
158 | expect(errored).to.be.true | ||
159 | }) | ||
160 | |||
161 | it('Should succeed with a valid signature', async function () { | ||
162 | const req = buildRequestStub() | ||
163 | req.method = 'POST' | ||
164 | req.url = '/accounts/ronan/inbox' | ||
165 | |||
166 | const mastodonObject = cloneDeep(require('./json/mastodon/http-signature.json')) | ||
167 | req.body = mastodonObject.body | ||
168 | req.headers = mastodonObject.headers | ||
169 | req.headers.signature = 'Signature ' + req.headers.signature | ||
170 | |||
171 | const parsed = parseHTTPSignature(req, 3600 * 1000 * 365 * 10) | ||
172 | const publicKey = require('./json/mastodon/public-key.json').publicKey | ||
173 | |||
174 | const actor = { publicKey } | ||
175 | const verified = isHTTPSignatureVerified(parsed, actor as any) | ||
176 | |||
177 | expect(verified).to.be.true | ||
178 | }) | ||
179 | |||
180 | }) | ||
181 | |||
182 | }) | ||
diff --git a/server/tests/api/activitypub/index.ts b/server/tests/api/activitypub/index.ts new file mode 100644 index 000000000..450053309 --- /dev/null +++ b/server/tests/api/activitypub/index.ts | |||
@@ -0,0 +1,5 @@ | |||
1 | import './client' | ||
2 | import './fetch' | ||
3 | import './helpers' | ||
4 | import './refresher' | ||
5 | import './security' | ||
diff --git a/server/tests/api/activitypub/json/mastodon/bad-body-http-signature.json b/server/tests/api/activitypub/json/mastodon/bad-body-http-signature.json new file mode 100644 index 000000000..4e7bc3af5 --- /dev/null +++ b/server/tests/api/activitypub/json/mastodon/bad-body-http-signature.json | |||
@@ -0,0 +1,93 @@ | |||
1 | { | ||
2 | "headers": { | ||
3 | "user-agent": "http.rb/3.3.0 (Mastodon/2.5.0; +http://localhost:3000/)", | ||
4 | "host": "localhost", | ||
5 | "date": "Mon, 22 Oct 2018 13:34:22 GMT", | ||
6 | "accept-encoding": "gzip", | ||
7 | "digest": "SHA-256=FEr5j2WSSfdEMcG3NTOXuGU0lUchfTJx4+BtUlWOwDk=", | ||
8 | "content-type": "application/activity+json", | ||
9 | "signature": "keyId=\"http://localhost:3000/users/ronan2#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"oLKbgxdFXdXsHJ3x/UsG9Svu7oa8Dyqiy6Jif4wqNuhAqRVMRaG18f+dd2OcfFX3XRGF8p8flZkU6vvoEQBauTwGRGcgXAJuKC1zYIWGk+PeiW8lNUnE4qGapWcTiFnIo7FKauNdsgqg/tvgs1pQIdHkDDjZMI64twP7sTN/4vG1PCq+kyqi/DM+ORLi/W7vFuLVHt2Iz7ikfw/R3/mMtS4FwLops+tVYBQ2iQ9DVRhTwLKVbeL/LLVB/tdGzNZ4F4nImBAQQ9I7WpPM6J/k+cBmoEbrUKs8ptx9gbX3OSsl5wlvPVMNzU9F9yb2MrB/Y/J4qssKz+LbiaktKGj7OQ==\"", | ||
10 | "content-length": "2815" | ||
11 | }, | ||
12 | "body": { | ||
13 | "@context": [ | ||
14 | "https://www.w3.org/ns/activitystreams", | ||
15 | "https://w3id.org/security/v1", | ||
16 | { | ||
17 | "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", | ||
18 | "sensitive": "as:sensitive", | ||
19 | "movedTo": { | ||
20 | "@id": "as:movedTo", | ||
21 | "@type": "@id" | ||
22 | }, | ||
23 | "Hashtag": "as:Hashtag", | ||
24 | "ostatus": "http://ostatus.org#", | ||
25 | "atomUri": "ostatus:atomUri", | ||
26 | "inReplyToAtomUri": "ostatus:inReplyToAtomUri", | ||
27 | "conversation": "ostatus:conversation", | ||
28 | "toot": "http://joinmastodon.org/ns#", | ||
29 | "Emoji": "toot:Emoji", | ||
30 | "focalPoint": { | ||
31 | "@container": "@list", | ||
32 | "@id": "toot:focalPoint" | ||
33 | }, | ||
34 | "featured": { | ||
35 | "@id": "toot:featured", | ||
36 | "@type": "@id" | ||
37 | }, | ||
38 | "schema": "http://schema.org#", | ||
39 | "PropertyValue": "schema:PropertyValue", | ||
40 | "value": "schema:value" | ||
41 | } | ||
42 | ], | ||
43 | "id": "http://localhost:3000/users/ronan2/statuses/100939547203370948/activity", | ||
44 | "type": "Create", | ||
45 | "actor": "http://localhost:3000/users/ronan2", | ||
46 | "published": "2018-10-22T13:34:18Z", | ||
47 | "to": [ | ||
48 | "https://www.w3.org/ns/activitystreams#Public" | ||
49 | ], | ||
50 | "cc": [ | ||
51 | "http://localhost:3000/users/ronan2/followers", | ||
52 | "http://localhost:9000/accounts/ronan" | ||
53 | ], | ||
54 | "object": { | ||
55 | "id": "http://localhost:3000/users/ronan2/statuses/100939547203370948", | ||
56 | "type": "Note", | ||
57 | "summary": null, | ||
58 | "inReplyTo": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
59 | "published": "2018-10-22T13:34:18Z", | ||
60 | "url": "http://localhost:3000/@ronan2/100939547203370948", | ||
61 | "attributedTo": "http://localhost:3000/users/ronan2", | ||
62 | "to": [ | ||
63 | "https://www.w3.org/ns/activitystreams#Public" | ||
64 | ], | ||
65 | "cc": [ | ||
66 | "http://localhost:3000/users/ronan2/followers", | ||
67 | "http://localhost:9000/accounts/ronan" | ||
68 | ], | ||
69 | "sensitive": false, | ||
70 | "atomUri": "http://localhost:3000/users/ronan2/statuses/100939547203370948", | ||
71 | "inReplyToAtomUri": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
72 | "conversation": "tag:localhost:3000,2018-10-19:objectId=72:objectType=Conversation", | ||
73 | "content": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zergzerg</p>", | ||
74 | "contentMap": { | ||
75 | "en": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zergzerg</p>" | ||
76 | }, | ||
77 | "attachment": [], | ||
78 | "tag": [ | ||
79 | { | ||
80 | "type": "Mention", | ||
81 | "href": "http://localhost:9000/accounts/ronan", | ||
82 | "name": "@ronan@localhost:9000" | ||
83 | } | ||
84 | ] | ||
85 | }, | ||
86 | "signature": { | ||
87 | "type": "RsaSignature2017", | ||
88 | "creator": "http://localhost:3000/users/ronan2#main-key", | ||
89 | "created": "2018-10-22T13:34:19Z", | ||
90 | "signatureValue": "x+xL4l8ERziYVhwEafHJyBQOInvNZ0gV4ccYd9AtFYeGJagc8fY6jjjhbDRCD7yMhgTjBX69z20MXnDuwpmM6wej3dt1wLKdIyXVViO84nAlqFz7KmNxtk5lDnAVX/vttscT5YUFvw4dbPT2mQiEd1lKbaLftRiIPEomZpQ37+fUkQdcPrnhruPAISO/Sof1n1LFW4mYIffozteQSZBH6HaCVp+MRMIhdMi5e8w7PD48/cZz8D/EU8Vqi91FM76/3tMqg6nLqQ+8bq74Jvt2kzwZlIufe+I55QMpZOmF6hGIJEt+R0JXdjQbtgcELONmNj2dr8sAlzu7zKlAGuJ24Q==" | ||
91 | } | ||
92 | } | ||
93 | } | ||
diff --git a/server/tests/api/activitypub/json/mastodon/bad-http-signature.json b/server/tests/api/activitypub/json/mastodon/bad-http-signature.json new file mode 100644 index 000000000..098597db0 --- /dev/null +++ b/server/tests/api/activitypub/json/mastodon/bad-http-signature.json | |||
@@ -0,0 +1,93 @@ | |||
1 | { | ||
2 | "headers": { | ||
3 | "user-agent": "http.rb/3.3.0 (Mastodon/2.5.0; +http://localhost:3000/)", | ||
4 | "host": "localhost", | ||
5 | "date": "Mon, 22 Oct 2018 13:34:22 GMT", | ||
6 | "accept-encoding": "gzip", | ||
7 | "digest": "SHA-256=FEr5j2WSSfdEMcG3NTOXuGU0lUchfTJx4+BtUlWOwDk=", | ||
8 | "content-type": "application/activity+json", | ||
9 | "signature": "keyId=\"http://localhost:3000/users/ronan2#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"oLKbgxdFXdXsHJ3x/UsG9Svu7oa8Dyqiy6Jif4wqNuhAqRVMRaG18f+dd2OcfFX3XRGF8p8flZkU6vvoEQBauTwGRGcgXAJuKC1zYIWGk+PeiW8lNUnE4qGapWcTiFnIo7FKauNdsgqg/tvgs1pQIdHkDDjZMI64twP7sTN/4vG1PCq+kyqi/DM+ORLi/W7vFuLVHt2Iz7ikfw/R3/mMtS4FwLops+tVYBQ2iQ9DVRhTwLKVbeL/LLVB/tdGzNZ4F4nImBAQQ9I7WpPM6J/k+cBmoEbrUKs8ptx9gbX3OSsl4wlvPVMNzU9F9yb2MrB/Y/J4qssKz+LbiaktKGj7OQ==\"", | ||
10 | "content-length": "2815" | ||
11 | }, | ||
12 | "body": { | ||
13 | "@context": [ | ||
14 | "https://www.w3.org/ns/activitystreams", | ||
15 | "https://w3id.org/security/v1", | ||
16 | { | ||
17 | "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", | ||
18 | "sensitive": "as:sensitive", | ||
19 | "movedTo": { | ||
20 | "@id": "as:movedTo", | ||
21 | "@type": "@id" | ||
22 | }, | ||
23 | "Hashtag": "as:Hashtag", | ||
24 | "ostatus": "http://ostatus.org#", | ||
25 | "atomUri": "ostatus:atomUri", | ||
26 | "inReplyToAtomUri": "ostatus:inReplyToAtomUri", | ||
27 | "conversation": "ostatus:conversation", | ||
28 | "toot": "http://joinmastodon.org/ns#", | ||
29 | "Emoji": "toot:Emoji", | ||
30 | "focalPoint": { | ||
31 | "@container": "@list", | ||
32 | "@id": "toot:focalPoint" | ||
33 | }, | ||
34 | "featured": { | ||
35 | "@id": "toot:featured", | ||
36 | "@type": "@id" | ||
37 | }, | ||
38 | "schema": "http://schema.org#", | ||
39 | "PropertyValue": "schema:PropertyValue", | ||
40 | "value": "schema:value" | ||
41 | } | ||
42 | ], | ||
43 | "id": "http://localhost:3000/users/ronan2/statuses/100939547203370948/activity", | ||
44 | "type": "Create", | ||
45 | "actor": "http://localhost:3000/users/ronan2", | ||
46 | "published": "2018-10-22T13:34:18Z", | ||
47 | "to": [ | ||
48 | "https://www.w3.org/ns/activitystreams#Public" | ||
49 | ], | ||
50 | "cc": [ | ||
51 | "http://localhost:3000/users/ronan2/followers", | ||
52 | "http://localhost:9000/accounts/ronan" | ||
53 | ], | ||
54 | "object": { | ||
55 | "id": "http://localhost:3000/users/ronan2/statuses/100939547203370948", | ||
56 | "type": "Note", | ||
57 | "summary": null, | ||
58 | "inReplyTo": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
59 | "published": "2018-10-22T13:34:18Z", | ||
60 | "url": "http://localhost:3000/@ronan2/100939547203370948", | ||
61 | "attributedTo": "http://localhost:3000/users/ronan2", | ||
62 | "to": [ | ||
63 | "https://www.w3.org/ns/activitystreams#Public" | ||
64 | ], | ||
65 | "cc": [ | ||
66 | "http://localhost:3000/users/ronan2/followers", | ||
67 | "http://localhost:9000/accounts/ronan" | ||
68 | ], | ||
69 | "sensitive": false, | ||
70 | "atomUri": "http://localhost:3000/users/ronan2/statuses/100939547203370948", | ||
71 | "inReplyToAtomUri": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
72 | "conversation": "tag:localhost:3000,2018-10-19:objectId=72:objectType=Conversation", | ||
73 | "content": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zergzerg</p>", | ||
74 | "contentMap": { | ||
75 | "en": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zergzerg</p>" | ||
76 | }, | ||
77 | "attachment": [], | ||
78 | "tag": [ | ||
79 | { | ||
80 | "type": "Mention", | ||
81 | "href": "http://localhost:9000/accounts/ronan", | ||
82 | "name": "@ronan@localhost:9000" | ||
83 | } | ||
84 | ] | ||
85 | }, | ||
86 | "signature": { | ||
87 | "type": "RsaSignature2017", | ||
88 | "creator": "http://localhost:3000/users/ronan2#main-key", | ||
89 | "created": "2018-10-22T13:34:19Z", | ||
90 | "signatureValue": "x+xL4l8ERziYVhwEafHJyBQOInvNZ0gV4ccYd9AtFYeGJagc8fY6jjjhbDRCD7yMhgTjBX69z20MXnDuwpmM6wej3dt1wLKdIyXVViO84nAlqFz7KmNxtk5lDnAVX/vttscT5YUFvw4dbPT2mQiEd1lKbaLftRiIPEomZpQ37+fUkQdcPrnhruPAISO/Sof1n1LFW4mYIffozteQSZBH6HaCVp+MRMIhdMi5e8w7PD48/cZz8D/EU8Vqi91FM76/3tMqg6nLqQ+8bq74Jvt2kzwZlIufe+I55QMpZOmF6hGIJEt+R0JXdjQbtgcELONmNj2dr8sAlzu7zKlAGuJ24Q==" | ||
91 | } | ||
92 | } | ||
93 | } | ||
diff --git a/server/tests/api/activitypub/json/mastodon/bad-public-key.json b/server/tests/api/activitypub/json/mastodon/bad-public-key.json new file mode 100644 index 000000000..73d18b3ad --- /dev/null +++ b/server/tests/api/activitypub/json/mastodon/bad-public-key.json | |||
@@ -0,0 +1,3 @@ | |||
1 | { | ||
2 | "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YyuthHtWWgDe0Fdgdp2\ndC5dTJsRqW6pFw5omIYYYjoES/WRewhVxEA54BhmxD3L1zChfx131N1TS8jVowhW\nm999jpUffKCCvLgYKIXETJDHiDeMONVx8wp7v9fS1HiFXo/E5und39gUMs14CMFZ\n6PE5jRV3r4XIKQJHQl7/X5n5FOb2934K+1TKUeBkbft/AushlKatYQakt3qHxpwx\nFvE+JjGo7QTnzdjaOx/e5QvojdGi2Kx4+jl77j2WVcSo5lOBz04OAVJtChtn82vS\nulPdDh3hZcDn+WK67yAhGP6AnzvOybZZS4zowlKiQ3kqjVVXKdl8gAsL4Y7MZ40R\nJQIDAQAB\n-----END PUBLIC KEY-----\n" | ||
3 | } | ||
diff --git a/server/tests/api/activitypub/json/mastodon/create-bad-signature.json b/server/tests/api/activitypub/json/mastodon/create-bad-signature.json new file mode 100644 index 000000000..2cd037241 --- /dev/null +++ b/server/tests/api/activitypub/json/mastodon/create-bad-signature.json | |||
@@ -0,0 +1,81 @@ | |||
1 | { | ||
2 | "@context": [ | ||
3 | "https://www.w3.org/ns/activitystreams", | ||
4 | "https://w3id.org/security/v1", | ||
5 | { | ||
6 | "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", | ||
7 | "sensitive": "as:sensitive", | ||
8 | "movedTo": { | ||
9 | "@id": "as:movedTo", | ||
10 | "@type": "@id" | ||
11 | }, | ||
12 | "Hashtag": "as:Hashtag", | ||
13 | "ostatus": "http://ostatus.org#", | ||
14 | "atomUri": "ostatus:atomUri", | ||
15 | "inReplyToAtomUri": "ostatus:inReplyToAtomUri", | ||
16 | "conversation": "ostatus:conversation", | ||
17 | "toot": "http://joinmastodon.org/ns#", | ||
18 | "Emoji": "toot:Emoji", | ||
19 | "focalPoint": { | ||
20 | "@container": "@list", | ||
21 | "@id": "toot:focalPoint" | ||
22 | }, | ||
23 | "featured": { | ||
24 | "@id": "toot:featured", | ||
25 | "@type": "@id" | ||
26 | }, | ||
27 | "schema": "http://schema.org#", | ||
28 | "PropertyValue": "schema:PropertyValue", | ||
29 | "value": "schema:value" | ||
30 | } | ||
31 | ], | ||
32 | "id": "http://localhost:3000/users/ronan2/statuses/100939345950887698/activity", | ||
33 | "type": "Create", | ||
34 | "actor": "http://localhost:3000/users/ronan2", | ||
35 | "published": "2018-10-22T12:43:07Z", | ||
36 | "to": [ | ||
37 | "https://www.w3.org/ns/activitystreams#Public" | ||
38 | ], | ||
39 | "cc": [ | ||
40 | "http://localhost:3000/users/ronan2/followers", | ||
41 | "http://localhost:9000/accounts/ronan" | ||
42 | ], | ||
43 | "object": { | ||
44 | "id": "http://localhost:3000/users/ronan2/statuses/100939345950887698", | ||
45 | "type": "Note", | ||
46 | "summary": null, | ||
47 | "inReplyTo": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
48 | "published": "2018-10-22T12:43:07Z", | ||
49 | "url": "http://localhost:3000/@ronan2/100939345950887698", | ||
50 | "attributedTo": "http://localhost:3000/users/ronan2", | ||
51 | "to": [ | ||
52 | "https://www.w3.org/ns/activitystreams#Public" | ||
53 | ], | ||
54 | "cc": [ | ||
55 | "http://localhost:3000/users/ronan2/followers", | ||
56 | "http://localhost:9000/accounts/ronan" | ||
57 | ], | ||
58 | "sensitive": false, | ||
59 | "atomUri": "http://localhost:3000/users/ronan2/statuses/100939345950887698", | ||
60 | "inReplyToAtomUri": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
61 | "conversation": "tag:localhost:3000,2018-10-19:objectId=72:objectType=Conversation", | ||
62 | "content": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zerg</p>", | ||
63 | "contentMap": { | ||
64 | "en": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zerg</p>" | ||
65 | }, | ||
66 | "attachment": [], | ||
67 | "tag": [ | ||
68 | { | ||
69 | "type": "Mention", | ||
70 | "href": "http://localhost:9000/accounts/ronan", | ||
71 | "name": "@ronan@localhost:9000" | ||
72 | } | ||
73 | ] | ||
74 | }, | ||
75 | "signature": { | ||
76 | "type": "RsaSignature2017", | ||
77 | "creator": "http://localhost:3000/users/ronan2#main-key", | ||
78 | "created": "2018-10-22T12:43:08Z", | ||
79 | "signatureValue": "Vgr8nA0agPr9TcA4BlX+MWhmuE+rBcoIJLpnPbm3E5SnOCXbgjEfEaTLqfuzzkKNsR3PBbkvi3YWK4/DxJ0zmpzSB7yy4NRzluQMVQHqJiFKXAX3Sr3fIrK24xkWW9/F207c1NpFajSGbgnFKBdtFE0e5VqwSrSoOJkZukZW/2ATSnsyzblieuUmvTWpD0PqpUOsynPjw+RqZnqPn0cjw1z2Dm7ZRt3trnyMTXFYZw5U/YuqMY2kpadD6vq780md8kXlJIylxG6ZrlO2jz9fJdnfuVq43d4QFNsBm1K1r2WtNqX+i+wiqh+u3PjF4pzXtl/a3hJOH18IfZnK7I21mQ==" | ||
80 | } | ||
81 | } | ||
diff --git a/server/tests/api/activitypub/json/mastodon/create.json b/server/tests/api/activitypub/json/mastodon/create.json new file mode 100644 index 000000000..0be271bb8 --- /dev/null +++ b/server/tests/api/activitypub/json/mastodon/create.json | |||
@@ -0,0 +1,81 @@ | |||
1 | { | ||
2 | "@context": [ | ||
3 | "https://www.w3.org/ns/activitystreams", | ||
4 | "https://w3id.org/security/v1", | ||
5 | { | ||
6 | "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", | ||
7 | "sensitive": "as:sensitive", | ||
8 | "movedTo": { | ||
9 | "@id": "as:movedTo", | ||
10 | "@type": "@id" | ||
11 | }, | ||
12 | "Hashtag": "as:Hashtag", | ||
13 | "ostatus": "http://ostatus.org#", | ||
14 | "atomUri": "ostatus:atomUri", | ||
15 | "inReplyToAtomUri": "ostatus:inReplyToAtomUri", | ||
16 | "conversation": "ostatus:conversation", | ||
17 | "toot": "http://joinmastodon.org/ns#", | ||
18 | "Emoji": "toot:Emoji", | ||
19 | "focalPoint": { | ||
20 | "@container": "@list", | ||
21 | "@id": "toot:focalPoint" | ||
22 | }, | ||
23 | "featured": { | ||
24 | "@id": "toot:featured", | ||
25 | "@type": "@id" | ||
26 | }, | ||
27 | "schema": "http://schema.org#", | ||
28 | "PropertyValue": "schema:PropertyValue", | ||
29 | "value": "schema:value" | ||
30 | } | ||
31 | ], | ||
32 | "id": "http://localhost:3000/users/ronan2/statuses/100939345950887698/activity", | ||
33 | "type": "Create", | ||
34 | "actor": "http://localhost:3000/users/ronan2", | ||
35 | "published": "2018-10-22T12:43:07Z", | ||
36 | "to": [ | ||
37 | "https://www.w3.org/ns/activitystreams#Public" | ||
38 | ], | ||
39 | "cc": [ | ||
40 | "http://localhost:3000/users/ronan2/followers", | ||
41 | "http://localhost:9000/accounts/ronan" | ||
42 | ], | ||
43 | "object": { | ||
44 | "id": "http://localhost:3000/users/ronan2/statuses/100939345950887698", | ||
45 | "type": "Note", | ||
46 | "summary": null, | ||
47 | "inReplyTo": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
48 | "published": "2018-10-22T12:43:07Z", | ||
49 | "url": "http://localhost:3000/@ronan2/100939345950887698", | ||
50 | "attributedTo": "http://localhost:3000/users/ronan2", | ||
51 | "to": [ | ||
52 | "https://www.w3.org/ns/activitystreams#Public" | ||
53 | ], | ||
54 | "cc": [ | ||
55 | "http://localhost:3000/users/ronan2/followers", | ||
56 | "http://localhost:9000/accounts/ronan" | ||
57 | ], | ||
58 | "sensitive": false, | ||
59 | "atomUri": "http://localhost:3000/users/ronan2/statuses/100939345950887698", | ||
60 | "inReplyToAtomUri": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
61 | "conversation": "tag:localhost:3000,2018-10-19:objectId=72:objectType=Conversation", | ||
62 | "content": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zerg</p>", | ||
63 | "contentMap": { | ||
64 | "en": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zerg</p>" | ||
65 | }, | ||
66 | "attachment": [], | ||
67 | "tag": [ | ||
68 | { | ||
69 | "type": "Mention", | ||
70 | "href": "http://localhost:9000/accounts/ronan", | ||
71 | "name": "@ronan@localhost:9000" | ||
72 | } | ||
73 | ] | ||
74 | }, | ||
75 | "signature": { | ||
76 | "type": "RsaSignature2017", | ||
77 | "creator": "http://localhost:3000/users/ronan2#main-key", | ||
78 | "created": "2018-10-22T12:43:08Z", | ||
79 | "signatureValue": "VgR8nA0agPr9TcA4BlX+MWhmuE+rBcoIJLpnPbm3E5SnOCXbgjEfEaTLqfuzzkKNsR3PBbkvi3YWK4/DxJ0zmpzSB7yy4NRzluQMVQHqJiFKXAX3Sr3fIrK24xkWW9/F207c1NpFajSGbgnFKBdtFE0e5VqwSrSoOJkZukZW/2ATSnsyzblieuUmvTWpD0PqpUOsynPjw+RqZnqPn0cjw1z2Dm7ZRt3trnyMTXFYZw5U/YuqMY2kpadD6vq780md8kXlJIylxG6ZrlO2jz9fJdnfuVq43d4QFNsBm1K1r2WtNqX+i+wiqh+u3PjF4pzXtl/a3hJOH18IfZnK7I21mQ==" | ||
80 | } | ||
81 | } | ||
diff --git a/server/tests/api/activitypub/json/mastodon/http-signature.json b/server/tests/api/activitypub/json/mastodon/http-signature.json new file mode 100644 index 000000000..4e7bc3af5 --- /dev/null +++ b/server/tests/api/activitypub/json/mastodon/http-signature.json | |||
@@ -0,0 +1,93 @@ | |||
1 | { | ||
2 | "headers": { | ||
3 | "user-agent": "http.rb/3.3.0 (Mastodon/2.5.0; +http://localhost:3000/)", | ||
4 | "host": "localhost", | ||
5 | "date": "Mon, 22 Oct 2018 13:34:22 GMT", | ||
6 | "accept-encoding": "gzip", | ||
7 | "digest": "SHA-256=FEr5j2WSSfdEMcG3NTOXuGU0lUchfTJx4+BtUlWOwDk=", | ||
8 | "content-type": "application/activity+json", | ||
9 | "signature": "keyId=\"http://localhost:3000/users/ronan2#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"oLKbgxdFXdXsHJ3x/UsG9Svu7oa8Dyqiy6Jif4wqNuhAqRVMRaG18f+dd2OcfFX3XRGF8p8flZkU6vvoEQBauTwGRGcgXAJuKC1zYIWGk+PeiW8lNUnE4qGapWcTiFnIo7FKauNdsgqg/tvgs1pQIdHkDDjZMI64twP7sTN/4vG1PCq+kyqi/DM+ORLi/W7vFuLVHt2Iz7ikfw/R3/mMtS4FwLops+tVYBQ2iQ9DVRhTwLKVbeL/LLVB/tdGzNZ4F4nImBAQQ9I7WpPM6J/k+cBmoEbrUKs8ptx9gbX3OSsl5wlvPVMNzU9F9yb2MrB/Y/J4qssKz+LbiaktKGj7OQ==\"", | ||
10 | "content-length": "2815" | ||
11 | }, | ||
12 | "body": { | ||
13 | "@context": [ | ||
14 | "https://www.w3.org/ns/activitystreams", | ||
15 | "https://w3id.org/security/v1", | ||
16 | { | ||
17 | "manuallyApprovesFollowers": "as:manuallyApprovesFollowers", | ||
18 | "sensitive": "as:sensitive", | ||
19 | "movedTo": { | ||
20 | "@id": "as:movedTo", | ||
21 | "@type": "@id" | ||
22 | }, | ||
23 | "Hashtag": "as:Hashtag", | ||
24 | "ostatus": "http://ostatus.org#", | ||
25 | "atomUri": "ostatus:atomUri", | ||
26 | "inReplyToAtomUri": "ostatus:inReplyToAtomUri", | ||
27 | "conversation": "ostatus:conversation", | ||
28 | "toot": "http://joinmastodon.org/ns#", | ||
29 | "Emoji": "toot:Emoji", | ||
30 | "focalPoint": { | ||
31 | "@container": "@list", | ||
32 | "@id": "toot:focalPoint" | ||
33 | }, | ||
34 | "featured": { | ||
35 | "@id": "toot:featured", | ||
36 | "@type": "@id" | ||
37 | }, | ||
38 | "schema": "http://schema.org#", | ||
39 | "PropertyValue": "schema:PropertyValue", | ||
40 | "value": "schema:value" | ||
41 | } | ||
42 | ], | ||
43 | "id": "http://localhost:3000/users/ronan2/statuses/100939547203370948/activity", | ||
44 | "type": "Create", | ||
45 | "actor": "http://localhost:3000/users/ronan2", | ||
46 | "published": "2018-10-22T13:34:18Z", | ||
47 | "to": [ | ||
48 | "https://www.w3.org/ns/activitystreams#Public" | ||
49 | ], | ||
50 | "cc": [ | ||
51 | "http://localhost:3000/users/ronan2/followers", | ||
52 | "http://localhost:9000/accounts/ronan" | ||
53 | ], | ||
54 | "object": { | ||
55 | "id": "http://localhost:3000/users/ronan2/statuses/100939547203370948", | ||
56 | "type": "Note", | ||
57 | "summary": null, | ||
58 | "inReplyTo": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
59 | "published": "2018-10-22T13:34:18Z", | ||
60 | "url": "http://localhost:3000/@ronan2/100939547203370948", | ||
61 | "attributedTo": "http://localhost:3000/users/ronan2", | ||
62 | "to": [ | ||
63 | "https://www.w3.org/ns/activitystreams#Public" | ||
64 | ], | ||
65 | "cc": [ | ||
66 | "http://localhost:3000/users/ronan2/followers", | ||
67 | "http://localhost:9000/accounts/ronan" | ||
68 | ], | ||
69 | "sensitive": false, | ||
70 | "atomUri": "http://localhost:3000/users/ronan2/statuses/100939547203370948", | ||
71 | "inReplyToAtomUri": "http://localhost:9000/videos/watch/90e6f8ed-b369-423c-b0c8-f44e5350c752", | ||
72 | "conversation": "tag:localhost:3000,2018-10-19:objectId=72:objectType=Conversation", | ||
73 | "content": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zergzerg</p>", | ||
74 | "contentMap": { | ||
75 | "en": "<p><span class=\"h-card\"><a href=\"http://localhost:9000/accounts/ronan\" class=\"u-url mention\">@<span>ronan</span></a></span> zergzerg</p>" | ||
76 | }, | ||
77 | "attachment": [], | ||
78 | "tag": [ | ||
79 | { | ||
80 | "type": "Mention", | ||
81 | "href": "http://localhost:9000/accounts/ronan", | ||
82 | "name": "@ronan@localhost:9000" | ||
83 | } | ||
84 | ] | ||
85 | }, | ||
86 | "signature": { | ||
87 | "type": "RsaSignature2017", | ||
88 | "creator": "http://localhost:3000/users/ronan2#main-key", | ||
89 | "created": "2018-10-22T13:34:19Z", | ||
90 | "signatureValue": "x+xL4l8ERziYVhwEafHJyBQOInvNZ0gV4ccYd9AtFYeGJagc8fY6jjjhbDRCD7yMhgTjBX69z20MXnDuwpmM6wej3dt1wLKdIyXVViO84nAlqFz7KmNxtk5lDnAVX/vttscT5YUFvw4dbPT2mQiEd1lKbaLftRiIPEomZpQ37+fUkQdcPrnhruPAISO/Sof1n1LFW4mYIffozteQSZBH6HaCVp+MRMIhdMi5e8w7PD48/cZz8D/EU8Vqi91FM76/3tMqg6nLqQ+8bq74Jvt2kzwZlIufe+I55QMpZOmF6hGIJEt+R0JXdjQbtgcELONmNj2dr8sAlzu7zKlAGuJ24Q==" | ||
91 | } | ||
92 | } | ||
93 | } | ||
diff --git a/server/tests/api/activitypub/json/mastodon/public-key.json b/server/tests/api/activitypub/json/mastodon/public-key.json new file mode 100644 index 000000000..b7b9b8308 --- /dev/null +++ b/server/tests/api/activitypub/json/mastodon/public-key.json | |||
@@ -0,0 +1,3 @@ | |||
1 | { | ||
2 | "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA0YyuthHtWWgDe0Fdgdp2\ndC5dTJsRqW6pFw5omIYYYjoES/WRewhVxEA54BhmxD3L1zChfx131N1TS8jVowhW\nm999jpUffKCCvLgYKIXETJDHiDeMONVx8wp7v9fS1HiFXo/E5und39gUMs14CMFZ\n6PE5jRV3r4XIKQJHQl7/X5n5FOb2934K+1TKUeBkbft/AushlKatYQakt3qHxpwx\nFvE+JjGo7QTnzdjaOx/e5QvojdGi2Kx4+jl87j2WVcSo5lOBz04OAVJtChtn82vS\nulPdDh3hZcDn+WK67yAhGP6AnzvOybZZS4zowlKiQ3kqjVVXKdl8gAsL4Y7MZ40R\nJQIDAQAB\n-----END PUBLIC KEY-----\n" | ||
3 | } | ||
diff --git a/server/tests/api/activitypub/json/peertube/announce-without-context.json b/server/tests/api/activitypub/json/peertube/announce-without-context.json new file mode 100644 index 000000000..5f2af0cde --- /dev/null +++ b/server/tests/api/activitypub/json/peertube/announce-without-context.json | |||
@@ -0,0 +1,13 @@ | |||
1 | { | ||
2 | "type": "Announce", | ||
3 | "id": "http://localhost:9002/videos/watch/997111d4-e8d8-4f45-99d3-857905785d05/announces/1", | ||
4 | "actor": "http://localhost:9002/accounts/peertube", | ||
5 | "object": "http://localhost:9002/videos/watch/997111d4-e8d8-4f45-99d3-857905785d05", | ||
6 | "to": [ | ||
7 | "https://www.w3.org/ns/activitystreams#Public", | ||
8 | "http://localhost:9002/accounts/peertube/followers", | ||
9 | "http://localhost:9002/video-channels/root_channel/followers", | ||
10 | "http://localhost:9002/accounts/root/followers" | ||
11 | ], | ||
12 | "cc": [] | ||
13 | } | ||
diff --git a/server/tests/api/activitypub/json/peertube/invalid-keys.json b/server/tests/api/activitypub/json/peertube/invalid-keys.json new file mode 100644 index 000000000..0544e96b9 --- /dev/null +++ b/server/tests/api/activitypub/json/peertube/invalid-keys.json | |||
@@ -0,0 +1,6 @@ | |||
1 | { | ||
2 | "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjQGdH6D3naKmSbbr/Df\nEh1H42F3WlHYXuxKLkm5Bemjdde+GwHYdz5m3fcIWw3HTzfA+y9Of8epGdfSrtYO\nwAyc3Zoy7afPNa4bZXqhJ1Im41rMGieiCuUn4uTPPucIjC0gCkVwvuQr3Elbk55s\nIkczDkseJuadTvG+A1e4uNY2lnRmVhf4g5B90u6CLe2KdbPpifRoKlw9zaUBj4/F\npP5S75TS5l1DfJQIq2lp8RwrH6FvGKLnWlbGeNYX96DDvlA5Sxoxz6a+bTV9OopM\n7mS7eP8zF8lKXYUu8cjIscKm+XqGmyRoPyw2Pp53tew29idRUocVQHGBnlNbpKdd\naQIDAQAB\n-----END PUBLIC KEY-----\n", | ||
3 | "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqjQGdH6D3naKmSbbr/DfEh1H42F3WlHYXuxKLkm5Bemjdde+\nGwHYdz5m3fcIWw3HTzfA+y9Of8epGdfSrtYOwAyc3Zoy7afPNa4bZXqhJ1Im41rM\nGieiCuUn4uTPPucIjC0gCkVwvuQr3Elbk55sIkczDkseJuadTvG+A1e4uNY2lnRm\nVhf4g5B90u6CLe2KdbPpifRoKlw9zaUBj4/FpP5S75TS5l1DfJQIq2lp8RwrH6Fv\nGKLnWlbGeNYX96DDvlA5Sxoxz6a+bTV9OopM7mS7eP8zF8lKXYUu8cjIscKm+XqG\nmyRoPyw3Pp53tew29idRUocVQHGBnlNbpKddaQIDAQABAoIBAQCnBZawCtbtH/ay\ng+dhqEW/SOyavbKZ92cU/1tsQPxISRYXNjdf2VfK7HmVqC2S7NqBanz+AVZPHmda\n7OfamkSvQbFN5VvEy8ATNV+9HbG3HG78/MT9hZcGigmyJkcZuy4wILgoXCxfpxlD\netla60PB/4yioiRcmEIWjjOgpByphDJ7RuuuptyEvgjUjpPtvHK47O/loaD2HFJk\nbIYbRirbjUjITRjQxGVIvanqiwPG9pB26YDLxDOoXEumcnzRcEFWNdvoleaLgquS\nn/zVsXWEq4+1i7t44DDstWUt/2Bw5ksIkSdayQ6oy3vzre3YFHwvbVZ7qtQQgpru\nx+NIolZhAoGBAN1RgNj8zy9Py3SJdsoXtnuCItfD7eo7LWXUa06cM/NS695Q+/to\naa5i3cJnRlv+b+b3VvnhkhIBLfFQW+hWwPnnxJEehcm09ddN9zbWrZ4Yv9yYu+8d\nTLGyWL8kPFF1dz+29DcrSv3tXEOwxByX/O4U/X/i3wl2WhkybxVFnCuvAoGBAMTf\n91BgLzvcYKOxH+vRPOJY7g2HKGFe35R91M4E+9Eq1rq4LUQHBb3fhRh4+scNu0yb\nNfN1Zdx2nbgCXdTKomF1Ahxp58/A2iU65vVzL6hYfWXEGSmoBqsGCIpIxQ9jgB9k\nCl7t/Ban8Z/ORHTjI9fpHlSZyCWJ3ajepiM2a1ZnAoGAPpDO6wi1DXvyWVSPF1yS\nwuGsNfD2rjPihpoBZ+yypwP3GBcu1QjUb28Vn+KQOmt4eQPNO8DwCVT6BvEfulPk\nJAHISPom+jnFEgPBcmhIFpyKiLNI1bUjvExd2FNHFgQuHP38ligQAC782Un8dtTk\ntO2MKH4bbVJe8CaYzpuqJZMCgYABZyMpBHZxs8FQiUuT75rCdiXEHOlxwC5RrY/d\no/VzaR28mOFhsbcdwkD9iqcm0fc6tYRt5rFCH+pBzGqEwKjljuLj9vE67sHfMAtD\nRn3Zcj/6gKo5PMRHZbSb36bf1DKuhpT4VjPMqYe0PtEIEDJKMJQRwELH2bKlqGiA\nqbucEwKBgQCkS85JnpHEV/tSylsEEn2W3CQCx58zl7iZNV7h/tWMR4AyrcI0HqP6\nllJ7V/Cfw66MgelPnosKgagwLVI6gsqDtjnzYo3XuMRVlYIySJ/jV3eiUNkV2Ky2\nfp/gA9sVgp38QSr+xB9E0LNStcbqDzoCCcDRws/SK7PbkQH9KV47tQ==\n-----END RSA PRIVATE KEY-----" | ||
4 | } | ||
5 | |||
6 | |||
diff --git a/server/tests/api/activitypub/json/peertube/keys.json b/server/tests/api/activitypub/json/peertube/keys.json new file mode 100644 index 000000000..1a7700865 --- /dev/null +++ b/server/tests/api/activitypub/json/peertube/keys.json | |||
@@ -0,0 +1,4 @@ | |||
1 | { | ||
2 | "publicKey": "-----BEGIN PUBLIC KEY-----\nMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqjQGdH6D3naKmSbbr/Df\nEh1H42F3WlHYXuxKLkm5Bemjdde+GwHYdz5m3fcIWw3HTzfA+y9Of8epGdfSrtYO\nwAyc3Zoy7afPNa4bZXqhJ1Im41rMGieiCuUn4uTPPucIjC0gCkVwvuQr3Elbk55s\nIkczDkseJuadTvG+A1e4uNY2lnRmVhf4g5B90u6CLe2KdbPpifRoKlw9zaUBj4/F\npP5S75TS5l1DfJQIq2lp8RwrH6FvGKLnWlbGeNYX96DDvlA5Sxoxz6a+bTV9OopM\n7mS7eP8zF8lKXYUu8cjIscKm+XqGmyRoPyw3Pp53tew29idRUocVQHGBnlNbpKdd\naQIDAQAB\n-----END PUBLIC KEY-----\n", | ||
3 | "privateKey": "-----BEGIN RSA PRIVATE KEY-----\nMIIEpAIBAAKCAQEAqjQGdH6D3naKmSbbr/DfEh1H42F3WlHYXuxKLkm5Bemjdde+\nGwHYdz5m3fcIWw3HTzfA+y9Of8epGdfSrtYOwAyc3Zoy7afPNa4bZXqhJ1Im41rM\nGieiCuUn4uTPPucIjC0gCkVwvuQr3Elbk55sIkczDkseJuadTvG+A1e4uNY2lnRm\nVhf4g5B90u6CLe2KdbPpifRoKlw9zaUBj4/FpP5S75TS5l1DfJQIq2lp8RwrH6Fv\nGKLnWlbGeNYX96DDvlA5Sxoxz6a+bTV9OopM7mS7eP8zF8lKXYUu8cjIscKm+XqG\nmyRoPyw3Pp53tew29idRUocVQHGBnlNbpKddaQIDAQABAoIBAQCnBZawCtbtH/ay\ng+dhqEW/SOyavbKZ92cU/1tsQPxISRYXNjdf2VfK7HmVqC2S7NqBanz+AVZPHmda\n7OfamkSvQbFN5VvEy8ATNV+9HbG3HG78/MT9hZcGigmyJkcZuy4wILgoXCxfpxlD\netla60PB/4yioiRcmEIWjjOgpByphDJ7RuuuptyEvgjUjpPtvHK47O/loaD2HFJk\nbIYbRirbjUjITRjQxGVIvanqiwPG9pB26YDLxDOoXEumcnzRcEFWNdvoleaLgquS\nn/zVsXWEq4+1i7t44DDstWUt/2Bw5ksIkSdayQ6oy3vzre3YFHwvbVZ7qtQQgpru\nx+NIolZhAoGBAN1RgNj8zy9Py3SJdsoXtnuCItfD7eo7LWXUa06cM/NS695Q+/to\naa5i3cJnRlv+b+b3VvnhkhIBLfFQW+hWwPnnxJEehcm09ddN9zbWrZ4Yv9yYu+8d\nTLGyWL8kPFF1dz+29DcrSv3tXEOwxByX/O4U/X/i3wl2WhkybxVFnCuvAoGBAMTf\n91BgLzvcYKOxH+vRPOJY7g2HKGFe35R91M4E+9Eq1rq4LUQHBb3fhRh4+scNu0yb\nNfN1Zdx2nbgCXdTKomF1Ahxp58/A2iU65vVzL6hYfWXEGSmoBqsGCIpIxQ9jgB9k\nCl7t/Ban8Z/ORHTjI9fpHlSZyCWJ3ajepiM2a1ZnAoGAPpDO6wi1DXvyWVSPF1yS\nwuGsNfD2rjPihpoBZ+yypwP3GBcu1QjUb28Vn+KQOmt4eQPNO8DwCVT6BvEfulPk\nJAHISPom+jnFEgPBcmhIFpyKiLNI1bUjvExd2FNHFgQuHP38ligQAC782Un8dtTk\ntO2MKH4bbVJe8CaYzpuqJZMCgYABZyMpBHZxs8FQiUuT75rCdiXEHOlxwC5RrY/d\no/VzaR28mOFhsbcdwkD9iqcm0fc6tYRt5rFCH+pBzGqEwKjljuLj9vE67sHfMAtD\nRn3Zcj/6gKo5PMRHZbSb36bf1DKuhpT4VjPMqYe0PtEIEDJKMJQRwELH2bKlqGiA\nqbucEwKBgQCkS85JnpHEV/tSylsEEn2W3CQCx58zl7iZNV7h/tWMR4AyrcI0HqP6\nllJ7V/Cfw66MgelPnosKgagwLVI6gsqDtjnzYo3XuMRVlYIySJ/jV3eiUNkV2Ky2\nfp/gA9sVgp38QSr+xB9E0LNStcbqDzoCCcDRws/SK7PbkQH9KV47tQ==\n-----END RSA PRIVATE KEY-----" | ||
4 | } | ||
diff --git a/server/tests/api/activitypub/refresher.ts b/server/tests/api/activitypub/refresher.ts new file mode 100644 index 000000000..62ad8a0b5 --- /dev/null +++ b/server/tests/api/activitypub/refresher.ts | |||
@@ -0,0 +1,93 @@ | |||
1 | /* tslint:disable:no-unused-expression */ | ||
2 | |||
3 | import 'mocha' | ||
4 | import { | ||
5 | doubleFollow, | ||
6 | flushAndRunMultipleServers, | ||
7 | getVideo, | ||
8 | killallServers, | ||
9 | reRunServer, | ||
10 | ServerInfo, | ||
11 | setAccessTokensToServers, | ||
12 | uploadVideo, | ||
13 | wait, | ||
14 | setVideoField, | ||
15 | waitJobs | ||
16 | } from '../../../../shared/utils' | ||
17 | |||
18 | describe('Test AP refresher', function () { | ||
19 | let servers: ServerInfo[] = [] | ||
20 | let videoUUID1: string | ||
21 | let videoUUID2: string | ||
22 | let videoUUID3: string | ||
23 | |||
24 | before(async function () { | ||
25 | this.timeout(60000) | ||
26 | |||
27 | servers = await flushAndRunMultipleServers(2) | ||
28 | |||
29 | // Get the access tokens | ||
30 | await setAccessTokensToServers(servers) | ||
31 | |||
32 | { | ||
33 | const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video1' }) | ||
34 | videoUUID1 = res.body.video.uuid | ||
35 | } | ||
36 | |||
37 | { | ||
38 | const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video2' }) | ||
39 | videoUUID2 = res.body.video.uuid | ||
40 | } | ||
41 | |||
42 | { | ||
43 | const res = await uploadVideo(servers[1].url, servers[1].accessToken, { name: 'video3' }) | ||
44 | videoUUID3 = res.body.video.uuid | ||
45 | } | ||
46 | |||
47 | await doubleFollow(servers[0], servers[1]) | ||
48 | }) | ||
49 | |||
50 | it('Should remove a deleted remote video', async function () { | ||
51 | this.timeout(60000) | ||
52 | |||
53 | await wait(10000) | ||
54 | |||
55 | // Change UUID so the remote server returns a 404 | ||
56 | await setVideoField(2, videoUUID1, 'uuid', '304afe4f-39f9-4d49-8ed7-ac57b86b174f') | ||
57 | |||
58 | await getVideo(servers[0].url, videoUUID1) | ||
59 | await getVideo(servers[0].url, videoUUID2) | ||
60 | |||
61 | await waitJobs(servers) | ||
62 | |||
63 | await getVideo(servers[0].url, videoUUID1, 404) | ||
64 | await getVideo(servers[0].url, videoUUID2, 200) | ||
65 | }) | ||
66 | |||
67 | it('Should not update a remote video if the remote instance is down', async function () { | ||
68 | this.timeout(60000) | ||
69 | |||
70 | killallServers([ servers[1] ]) | ||
71 | |||
72 | await setVideoField(2, videoUUID3, 'uuid', '304afe4f-39f9-4d49-8ed7-ac57b86b174e') | ||
73 | |||
74 | // Video will need a refresh | ||
75 | await wait(10000) | ||
76 | |||
77 | await getVideo(servers[0].url, videoUUID3) | ||
78 | // The refresh should fail | ||
79 | await waitJobs([ servers[0] ]) | ||
80 | |||
81 | await reRunServer(servers[1]) | ||
82 | |||
83 | // Should not refresh the video, even if the last refresh failed (to avoir a loop on dead instances) | ||
84 | await getVideo(servers[0].url, videoUUID3) | ||
85 | await waitJobs(servers) | ||
86 | |||
87 | await getVideo(servers[0].url, videoUUID3, 200) | ||
88 | }) | ||
89 | |||
90 | after(async function () { | ||
91 | killallServers(servers) | ||
92 | }) | ||
93 | }) | ||
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts new file mode 100644 index 000000000..342ae0fa1 --- /dev/null +++ b/server/tests/api/activitypub/security.ts | |||
@@ -0,0 +1,187 @@ | |||
1 | /* tslint:disable:no-unused-expression */ | ||
2 | |||
3 | import 'mocha' | ||
4 | |||
5 | import { | ||
6 | flushAndRunMultipleServers, | ||
7 | flushTests, | ||
8 | killallServers, | ||
9 | makeFollowRequest, | ||
10 | makePOSTAPRequest, | ||
11 | ServerInfo, | ||
12 | setActorField | ||
13 | } from '../../../../shared/utils' | ||
14 | import { HTTP_SIGNATURE } from '../../../initializers' | ||
15 | import { buildDigest, buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils' | ||
16 | import * as chai from 'chai' | ||
17 | import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub' | ||
18 | |||
19 | const expect = chai.expect | ||
20 | |||
21 | function setKeysOfServer2 (serverNumber: number, publicKey: string, privateKey: string) { | ||
22 | return Promise.all([ | ||
23 | setActorField(serverNumber, 'http://localhost:9002/accounts/peertube', 'publicKey', publicKey), | ||
24 | setActorField(serverNumber, 'http://localhost:9002/accounts/peertube', 'privateKey', privateKey) | ||
25 | ]) | ||
26 | } | ||
27 | |||
28 | function setKeysOfServer3 (serverNumber: number, publicKey: string, privateKey: string) { | ||
29 | return Promise.all([ | ||
30 | setActorField(serverNumber, 'http://localhost:9003/accounts/peertube', 'publicKey', publicKey), | ||
31 | setActorField(serverNumber, 'http://localhost:9003/accounts/peertube', 'privateKey', privateKey) | ||
32 | ]) | ||
33 | } | ||
34 | |||
35 | describe('Test ActivityPub security', function () { | ||
36 | let servers: ServerInfo[] | ||
37 | let url: string | ||
38 | |||
39 | const keys = require('./json/peertube/keys.json') | ||
40 | const invalidKeys = require('./json/peertube/invalid-keys.json') | ||
41 | const baseHttpSignature = { | ||
42 | algorithm: HTTP_SIGNATURE.ALGORITHM, | ||
43 | authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME, | ||
44 | keyId: 'acct:peertube@localhost:9002', | ||
45 | key: keys.privateKey, | ||
46 | headers: HTTP_SIGNATURE.HEADERS_TO_SIGN | ||
47 | } | ||
48 | |||
49 | // --------------------------------------------------------------- | ||
50 | |||
51 | before(async function () { | ||
52 | this.timeout(60000) | ||
53 | |||
54 | servers = await flushAndRunMultipleServers(3) | ||
55 | |||
56 | url = servers[0].url + '/inbox' | ||
57 | |||
58 | await setKeysOfServer2(1, keys.publicKey, keys.privateKey) | ||
59 | |||
60 | const to = { url: 'http://localhost:9001/accounts/peertube' } | ||
61 | const by = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey } | ||
62 | await makeFollowRequest(to, by) | ||
63 | }) | ||
64 | |||
65 | describe('When checking HTTP signature', function () { | ||
66 | |||
67 | it('Should fail with an invalid digest', async function () { | ||
68 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | ||
69 | const headers = { | ||
70 | Digest: buildDigest({ hello: 'coucou' }) | ||
71 | } | ||
72 | |||
73 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) | ||
74 | |||
75 | expect(response.statusCode).to.equal(403) | ||
76 | }) | ||
77 | |||
78 | it('Should fail with an invalid date', async function () { | ||
79 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | ||
80 | const headers = buildGlobalHeaders(body) | ||
81 | headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' | ||
82 | |||
83 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) | ||
84 | |||
85 | expect(response.statusCode).to.equal(403) | ||
86 | }) | ||
87 | |||
88 | it('Should fail with bad keys', async function () { | ||
89 | await setKeysOfServer2(1, invalidKeys.publicKey, invalidKeys.privateKey) | ||
90 | await setKeysOfServer2(2, invalidKeys.publicKey, invalidKeys.privateKey) | ||
91 | |||
92 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | ||
93 | const headers = buildGlobalHeaders(body) | ||
94 | |||
95 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) | ||
96 | |||
97 | expect(response.statusCode).to.equal(403) | ||
98 | }) | ||
99 | |||
100 | it('Should succeed with a valid HTTP signature', async function () { | ||
101 | await setKeysOfServer2(1, keys.publicKey, keys.privateKey) | ||
102 | await setKeysOfServer2(2, keys.publicKey, keys.privateKey) | ||
103 | |||
104 | const body = activityPubContextify(require('./json/peertube/announce-without-context.json')) | ||
105 | const headers = buildGlobalHeaders(body) | ||
106 | |||
107 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers) | ||
108 | |||
109 | expect(response.statusCode).to.equal(204) | ||
110 | }) | ||
111 | }) | ||
112 | |||
113 | describe('When checking Linked Data Signature', function () { | ||
114 | before(async () => { | ||
115 | await setKeysOfServer3(3, keys.publicKey, keys.privateKey) | ||
116 | |||
117 | const to = { url: 'http://localhost:9001/accounts/peertube' } | ||
118 | const by = { url: 'http://localhost:9003/accounts/peertube', privateKey: keys.privateKey } | ||
119 | await makeFollowRequest(to, by) | ||
120 | }) | ||
121 | |||
122 | it('Should fail with bad keys', async function () { | ||
123 | this.timeout(10000) | ||
124 | |||
125 | await setKeysOfServer3(1, invalidKeys.publicKey, invalidKeys.privateKey) | ||
126 | await setKeysOfServer3(3, invalidKeys.publicKey, invalidKeys.privateKey) | ||
127 | |||
128 | const body = require('./json/peertube/announce-without-context.json') | ||
129 | body.actor = 'http://localhost:9003/accounts/peertube' | ||
130 | |||
131 | const signer: any = { privateKey: invalidKeys.privateKey, url: 'http://localhost:9003/accounts/peertube' } | ||
132 | const signedBody = await buildSignedActivity(signer, body) | ||
133 | |||
134 | const headers = buildGlobalHeaders(signedBody) | ||
135 | |||
136 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) | ||
137 | |||
138 | expect(response.statusCode).to.equal(403) | ||
139 | }) | ||
140 | |||
141 | it('Should fail with an altered body', async function () { | ||
142 | this.timeout(10000) | ||
143 | |||
144 | await setKeysOfServer3(1, keys.publicKey, keys.privateKey) | ||
145 | await setKeysOfServer3(3, keys.publicKey, keys.privateKey) | ||
146 | |||
147 | const body = require('./json/peertube/announce-without-context.json') | ||
148 | body.actor = 'http://localhost:9003/accounts/peertube' | ||
149 | |||
150 | const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:9003/accounts/peertube' } | ||
151 | const signedBody = await buildSignedActivity(signer, body) | ||
152 | |||
153 | signedBody.actor = 'http://localhost:9003/account/peertube' | ||
154 | |||
155 | const headers = buildGlobalHeaders(signedBody) | ||
156 | |||
157 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) | ||
158 | |||
159 | expect(response.statusCode).to.equal(403) | ||
160 | }) | ||
161 | |||
162 | it('Should succeed with a valid signature', async function () { | ||
163 | this.timeout(10000) | ||
164 | |||
165 | const body = require('./json/peertube/announce-without-context.json') | ||
166 | body.actor = 'http://localhost:9003/accounts/peertube' | ||
167 | |||
168 | const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:9003/accounts/peertube' } | ||
169 | const signedBody = await buildSignedActivity(signer, body) | ||
170 | |||
171 | const headers = buildGlobalHeaders(signedBody) | ||
172 | |||
173 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers) | ||
174 | |||
175 | expect(response.statusCode).to.equal(204) | ||
176 | }) | ||
177 | }) | ||
178 | |||
179 | after(async function () { | ||
180 | killallServers(servers) | ||
181 | |||
182 | // Keep the logs if the test failed | ||
183 | if (this['ok']) { | ||
184 | await flushTests() | ||
185 | } | ||
186 | }) | ||
187 | }) | ||