Diffstat (limited to 'server/tests')
-rw-r--r-- | server/tests/api/activitypub/security.ts | 73 |
1 files changed, 48 insertions, 25 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts index 26b4545ac..9745052a3 100644 --- a/server/tests/api/activitypub/security.ts +++ b/server/tests/api/activitypub/security.ts | |||
@@ -79,9 +79,12 @@ describe('Test ActivityPub security', function () { | |||
79 | Digest: buildDigest({ hello: 'coucou' }) | 79 | Digest: buildDigest({ hello: 'coucou' }) |
80 | } | 80 | } |
81 | 81 | ||
82 | const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | 82 | try { |
83 | 83 | await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | |
84 | expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | 84 | expect(true, 'Did not throw').to.be.false |
85 | } catch (err) { | ||
86 | expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
87 | } | ||
85 | }) | 88 | }) |
86 | 89 | ||
87 | it('Should fail with an invalid date', async function () { | 90 | it('Should fail with an invalid date', async function () { |
@@ -89,9 +92,12 @@ describe('Test ActivityPub security', function () { | |||
89 | const headers = buildGlobalHeaders(body) | 92 | const headers = buildGlobalHeaders(body) |
90 | headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' | 93 | headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' |
91 | 94 | ||
92 | const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | 95 | try { |
93 | 96 | await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | |
94 | expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | 97 | expect(true, 'Did not throw').to.be.false |
98 | } catch (err) { | ||
99 | expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
100 | } | ||
95 | }) | 101 | }) |
96 | 102 | ||
97 | it('Should fail with bad keys', async function () { | 103 | it('Should fail with bad keys', async function () { |
@@ -101,9 +107,12 @@ describe('Test ActivityPub security', function () { | |||
101 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) | 107 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) |
102 | const headers = buildGlobalHeaders(body) | 108 | const headers = buildGlobalHeaders(body) |
103 | 109 | ||
104 | const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | 110 | try { |
105 | 111 | await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | |
106 | expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | 112 | expect(true, 'Did not throw').to.be.false |
113 | } catch (err) { | ||
114 | expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
115 | } | ||
107 | }) | 116 | }) |
108 | 117 | ||
109 | it('Should reject requests without appropriate signed headers', async function () { | 118 | it('Should reject requests without appropriate signed headers', async function () { |
@@ -123,8 +132,12 @@ describe('Test ActivityPub security', function () { | |||
123 | for (const badHeaders of badHeadersMatrix) { | 132 | for (const badHeaders of badHeadersMatrix) { |
124 | signatureOptions.headers = badHeaders | 133 | signatureOptions.headers = badHeaders |
125 | 134 | ||
126 | const { statusCode } = await makePOSTAPRequest(url, body, signatureOptions, headers) | 135 | try { |
127 | expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | 136 | await makePOSTAPRequest(url, body, signatureOptions, headers) |
137 | expect(true, 'Did not throw').to.be.false | ||
138 | } catch (err) { | ||
139 | expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
140 | } | ||
128 | } | 141 | } |
129 | }) | 142 | }) |
130 | 143 | ||
@@ -133,7 +146,6 @@ describe('Test ActivityPub security', function () { | |||
133 | const headers = buildGlobalHeaders(body) | 146 | const headers = buildGlobalHeaders(body) |
134 | 147 | ||
135 | const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | 148 | const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) |
136 | |||
137 | expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) | 149 | expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) |
138 | }) | 150 | }) |
139 | 151 | ||
@@ -150,9 +162,12 @@ describe('Test ActivityPub security', function () { | |||
150 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) | 162 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) |
151 | const headers = buildGlobalHeaders(body) | 163 | const headers = buildGlobalHeaders(body) |
152 | 164 | ||
153 | const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | 165 | try { |
154 | 166 | await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | |
155 | expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | 167 | expect(true, 'Did not throw').to.be.false |
168 | } catch (err) { | ||
169 | expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
170 | } | ||
156 | }) | 171 | }) |
157 | }) | 172 | }) |
158 | 173 | ||
@@ -183,9 +198,12 @@ describe('Test ActivityPub security', function () { | |||
183 | 198 | ||
184 | const headers = buildGlobalHeaders(signedBody) | 199 | const headers = buildGlobalHeaders(signedBody) |
185 | 200 | ||
186 | const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) | 201 | try { |
187 | 202 | await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) | |
188 | expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | 203 | expect(true, 'Did not throw').to.be.false |
204 | } catch (err) { | ||
205 | expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
206 | } | ||
189 | }) | 207 | }) |
190 | 208 | ||
191 | it('Should fail with an altered body', async function () { | 209 | it('Should fail with an altered body', async function () { |
@@ -204,9 +222,12 @@ describe('Test ActivityPub security', function () { | |||
204 | 222 | ||
205 | const headers = buildGlobalHeaders(signedBody) | 223 | const headers = buildGlobalHeaders(signedBody) |
206 | 224 | ||
207 | const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) | 225 | try { |
208 | 226 | await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) | |
209 | expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | 227 | expect(true, 'Did not throw').to.be.false |
228 | } catch (err) { | ||
229 | expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
230 | } | ||
210 | }) | 231 | }) |
211 | 232 | ||
212 | it('Should succeed with a valid signature', async function () { | 233 | it('Should succeed with a valid signature', async function () { |
@@ -221,7 +242,6 @@ describe('Test ActivityPub security', function () { | |||
221 | const headers = buildGlobalHeaders(signedBody) | 242 | const headers = buildGlobalHeaders(signedBody) |
222 | 243 | ||
223 | const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) | 244 | const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) |
224 | |||
225 | expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) | 245 | expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) |
226 | }) | 246 | }) |
227 | 247 | ||
@@ -243,9 +263,12 @@ describe('Test ActivityPub security', function () { | |||
243 | 263 | ||
244 | const headers = buildGlobalHeaders(signedBody) | 264 | const headers = buildGlobalHeaders(signedBody) |
245 | 265 | ||
246 | const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) | 266 | try { |
247 | 267 | await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) | |
248 | expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | 268 | expect(true, 'Did not throw').to.be.false |
269 | } catch (err) { | ||
270 | expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
271 | } | ||
249 | }) | 272 | }) |
250 | }) | 273 | }) |
251 | 274 | ||
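Review bot: In the first hunk (new lines 82–87) the sentinel `expect(true, 'Did not throw').to.be.false` sits inside the `try`, so its own AssertionError lands in the `catch` and the test fails on `err.statusCode` being undefined instead of reporting "Did not throw". The test still goes red when a request with a bad digest, date, key or signature is accepted, but the message hides that the server accepted it, and an unrelated error without a `statusCode` (presumably a connection failure) would read the same way. The same block is repeated in the seven other rejection tests, at new lines 95, 110, 135, 165, 201, 225 and 266. Capturing the error in the `try`/`catch` and asserting after it, in one shared helper, would fix the diagnostic and remove the repetition; several of the enclosing `it` blocks start outside their hunks.

```typescript
// Constructed helper, defined once alongside the tests
async function expectForbidden (request: Promise<unknown>) {
  let caught: any

  try {
    await request
  } catch (err) {
    caught = err
  }

  // Asserted outside the try so an accepted request is reported as 'Did not throw'
  expect(caught, 'Did not throw').to.exist
  expect(caught.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
}

// … unchanged: url, body and headers setup in each test …
await expectForbidden(makePOSTAPRequest(url, body, baseHttpSignature(), headers))
```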