aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests/api
diff options
context:
space:
mode:
Diffstat (limited to 'server/tests/api')
-rw-r--r--server/tests/api/activitypub/security.ts44
1 files changed, 35 insertions, 9 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index 22fae8331..c6f171633 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -2,10 +2,10 @@
2 2
3import { expect } from 'chai' 3import { expect } from 'chai'
4import { buildDigest } from '@server/helpers/peertube-crypto' 4import { buildDigest } from '@server/helpers/peertube-crypto'
5import { HTTP_SIGNATURE } from '@server/initializers/constants' 5import { ACTIVITY_PUB, HTTP_SIGNATURE } from '@server/initializers/constants'
6import { activityPubContextify } from '@server/lib/activitypub/context' 6import { activityPubContextify } from '@server/lib/activitypub/context'
7import { buildGlobalHeaders, signAndContextify } from '@server/lib/activitypub/send' 7import { buildGlobalHeaders, signAndContextify } from '@server/lib/activitypub/send'
8import { makeFollowRequest, makePOSTAPRequest } from '@server/tests/shared' 8import { makePOSTAPRequest } from '@server/tests/shared'
9import { buildAbsoluteFixturePath, wait } from '@shared/core-utils' 9import { buildAbsoluteFixturePath, wait } from '@shared/core-utils'
10import { HttpStatusCode } from '@shared/models' 10import { HttpStatusCode } from '@shared/models'
11import { cleanupTests, createMultipleServers, killallServers, PeerTubeServer } from '@shared/server-commands' 11import { cleanupTests, createMultipleServers, killallServers, PeerTubeServer } from '@shared/server-commands'
@@ -43,6 +43,32 @@ function getAnnounceWithoutContext (server: PeerTubeServer) {
43 return result 43 return result
44} 44}
45 45
46async function makeFollowRequest (to: { url: string }, by: { url: string, privateKey }) {
47 const follow = {
48 type: 'Follow',
49 id: by.url + '/' + new Date().getTime(),
50 actor: by.url,
51 object: to.url
52 }
53
54 const body = await activityPubContextify(follow, 'Follow')
55
56 const httpSignature = {
57 algorithm: HTTP_SIGNATURE.ALGORITHM,
58 authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
59 keyId: by.url,
60 key: by.privateKey,
61 headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
62 }
63 const headers = {
64 'digest': buildDigest(body),
65 'content-type': 'application/activity+json',
66 'accept': ACTIVITY_PUB.ACCEPT_HEADER
67 }
68
69 return makePOSTAPRequest(to.url + '/inbox', body, httpSignature, headers)
70}
71
46describe('Test ActivityPub security', function () { 72describe('Test ActivityPub security', function () {
47 let servers: PeerTubeServer[] 73 let servers: PeerTubeServer[]
48 let url: string 74 let url: string
@@ -77,7 +103,7 @@ describe('Test ActivityPub security', function () {
77 describe('When checking HTTP signature', function () { 103 describe('When checking HTTP signature', function () {
78 104
79 it('Should fail with an invalid digest', async function () { 105 it('Should fail with an invalid digest', async function () {
80 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') 106 const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce')
81 const headers = { 107 const headers = {
82 Digest: buildDigest({ hello: 'coucou' }) 108 Digest: buildDigest({ hello: 'coucou' })
83 } 109 }
@@ -91,7 +117,7 @@ describe('Test ActivityPub security', function () {
91 }) 117 })
92 118
93 it('Should fail with an invalid date', async function () { 119 it('Should fail with an invalid date', async function () {
94 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') 120 const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce')
95 const headers = buildGlobalHeaders(body) 121 const headers = buildGlobalHeaders(body)
96 headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' 122 headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'
97 123
@@ -107,7 +133,7 @@ describe('Test ActivityPub security', function () {
107 await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) 133 await setKeysOfServer(servers[0], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
108 await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) 134 await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
109 135
110 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') 136 const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce')
111 const headers = buildGlobalHeaders(body) 137 const headers = buildGlobalHeaders(body)
112 138
113 try { 139 try {
@@ -122,7 +148,7 @@ describe('Test ActivityPub security', function () {
122 await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) 148 await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
123 await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) 149 await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
124 150
125 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') 151 const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce')
126 const headers = buildGlobalHeaders(body) 152 const headers = buildGlobalHeaders(body)
127 153
128 const signatureOptions = baseHttpSignature() 154 const signatureOptions = baseHttpSignature()
@@ -145,7 +171,7 @@ describe('Test ActivityPub security', function () {
145 }) 171 })
146 172
147 it('Should succeed with a valid HTTP signature draft 11 (without date but with (created))', async function () { 173 it('Should succeed with a valid HTTP signature draft 11 (without date but with (created))', async function () {
148 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') 174 const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce')
149 const headers = buildGlobalHeaders(body) 175 const headers = buildGlobalHeaders(body)
150 176
151 const signatureOptions = baseHttpSignature() 177 const signatureOptions = baseHttpSignature()
@@ -156,7 +182,7 @@ describe('Test ActivityPub security', function () {
156 }) 182 })
157 183
158 it('Should succeed with a valid HTTP signature', async function () { 184 it('Should succeed with a valid HTTP signature', async function () {
159 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') 185 const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce')
160 const headers = buildGlobalHeaders(body) 186 const headers = buildGlobalHeaders(body)
161 187
162 const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) 188 const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
@@ -175,7 +201,7 @@ describe('Test ActivityPub security', function () {
175 await killallServers([ servers[1] ]) 201 await killallServers([ servers[1] ])
176 await servers[1].run() 202 await servers[1].run()
177 203
178 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce') 204 const body = await activityPubContextify(getAnnounceWithoutContext(servers[1]), 'Announce')
179 const headers = buildGlobalHeaders(body) 205 const headers = buildGlobalHeaders(body)
180 206
181 try { 207 try {