Diffstat (limited to 'server/tests')
-rw-r--r--server/tests/api/activitypub/security.ts73
1 files changed, 48 insertions, 25 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index 26b4545ac..9745052a3 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -79,9 +79,12 @@ describe('Test ActivityPub security', function () {
79 Digest: buildDigest({ hello: 'coucou' }) 79 Digest: buildDigest({ hello: 'coucou' })
80 } 80 }
81 81
82 const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) 82 try {
83 83 await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
84 expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) 84 expect(true, 'Did not throw').to.be.false
85 } catch (err) {
86 expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
87 }
85 }) 88 })
86 89
87 it('Should fail with an invalid date', async function () { 90 it('Should fail with an invalid date', async function () {
@@ -89,9 +92,12 @@ describe('Test ActivityPub security', function () {
89 const headers = buildGlobalHeaders(body) 92 const headers = buildGlobalHeaders(body)
90 headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT' 93 headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'
91 94
92 const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) 95 try {
93 96 await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
94 expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) 97 expect(true, 'Did not throw').to.be.false
98 } catch (err) {
99 expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
100 }
95 }) 101 })
96 102
97 it('Should fail with bad keys', async function () { 103 it('Should fail with bad keys', async function () {
@@ -101,9 +107,12 @@ describe('Test ActivityPub security', function () {
101 const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) 107 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
102 const headers = buildGlobalHeaders(body) 108 const headers = buildGlobalHeaders(body)
103 109
104 const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) 110 try {
105 111 await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
106 expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) 112 expect(true, 'Did not throw').to.be.false
113 } catch (err) {
114 expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
115 }
107 }) 116 })
108 117
109 it('Should reject requests without appropriate signed headers', async function () { 118 it('Should reject requests without appropriate signed headers', async function () {
@@ -123,8 +132,12 @@ describe('Test ActivityPub security', function () {
123 for (const badHeaders of badHeadersMatrix) { 132 for (const badHeaders of badHeadersMatrix) {
124 signatureOptions.headers = badHeaders 133 signatureOptions.headers = badHeaders
125 134
126 const { statusCode } = await makePOSTAPRequest(url, body, signatureOptions, headers) 135 try {
127 expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) 136 await makePOSTAPRequest(url, body, signatureOptions, headers)
137 expect(true, 'Did not throw').to.be.false
138 } catch (err) {
139 expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
140 }
128 } 141 }
129 }) 142 })
130 143
@@ -133,7 +146,6 @@ describe('Test ActivityPub security', function () {
133 const headers = buildGlobalHeaders(body) 146 const headers = buildGlobalHeaders(body)
134 147
135 const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) 148 const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
136
137 expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) 149 expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
138 }) 150 })
139 151
@@ -150,9 +162,12 @@ describe('Test ActivityPub security', function () {
150 const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) 162 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
151 const headers = buildGlobalHeaders(body) 163 const headers = buildGlobalHeaders(body)
152 164
153 const { statusCode } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) 165 try {
154 166 await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
155 expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) 167 expect(true, 'Did not throw').to.be.false
168 } catch (err) {
169 expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
170 }
156 }) 171 })
157 }) 172 })
158 173
@@ -183,9 +198,12 @@ describe('Test ActivityPub security', function () {
183 198
184 const headers = buildGlobalHeaders(signedBody) 199 const headers = buildGlobalHeaders(signedBody)
185 200
186 const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) 201 try {
187 202 await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
188 expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) 203 expect(true, 'Did not throw').to.be.false
204 } catch (err) {
205 expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
206 }
189 }) 207 })
190 208
191 it('Should fail with an altered body', async function () { 209 it('Should fail with an altered body', async function () {
@@ -204,9 +222,12 @@ describe('Test ActivityPub security', function () {
204 222
205 const headers = buildGlobalHeaders(signedBody) 223 const headers = buildGlobalHeaders(signedBody)
206 224
207 const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) 225 try {
208 226 await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
209 expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) 227 expect(true, 'Did not throw').to.be.false
228 } catch (err) {
229 expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
230 }
210 }) 231 })
211 232
212 it('Should succeed with a valid signature', async function () { 233 it('Should succeed with a valid signature', async function () {
@@ -221,7 +242,6 @@ describe('Test ActivityPub security', function () {
221 const headers = buildGlobalHeaders(signedBody) 242 const headers = buildGlobalHeaders(signedBody)
222 243
223 const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) 244 const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
224
225 expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) 245 expect(statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
226 }) 246 })
227 247
@@ -243,9 +263,12 @@ describe('Test ActivityPub security', function () {
243 263
244 const headers = buildGlobalHeaders(signedBody) 264 const headers = buildGlobalHeaders(signedBody)
245 265
246 const { statusCode } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) 266 try {
247 267 await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
248 expect(statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) 268 expect(true, 'Did not throw').to.be.false
269 } catch (err) {
270 expect(err.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
271 }
249 }) 272 })
250 }) 273 })
251 274
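Review bot: In the first hunk (new lines 82–87), and in the same try/catch repeated in the other seven rejection tests, the sentinel `expect(true, 'Did not throw').to.be.false` sits inside the `try`, so the AssertionError it raises is swallowed by the `catch` that follows. When the server wrongly accepts a request with a bad digest, date, key or signature, the test then reports `expected undefined to equal 403` rather than 'Did not throw'. The test still fails, but the output no longer separates "the invalid request was accepted" from "the request failed for an unrelated reason such as a connection error", which is the distinction these tests exist to show. Capturing the error and asserting after the `try` keeps the two cases apart, and one helper (the name below is only a suggestion) would replace the eight copies. The enclosing `it` blocks begin outside the hunks.

```typescript
// Suggested helper, placed next to the other test helpers of this file
async function expectForbidden (request: Promise<unknown>) {
  let caught: any

  try {
    await request
  } catch (err) {
    caught = err
  }

  // Asserted outside the try so this message is not swallowed by the catch
  expect(caught, 'Did not throw').to.exist
  expect(caught.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
}

// … unchanged: body and headers setup of each rejection test …
await expectForbidden(makePOSTAPRequest(url, body, baseHttpSignature(), headers))
```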