aboutsummaryrefslogtreecommitdiffhomepage
path: root/server/tests
diff options
context:
space:
mode:
Diffstat (limited to 'server/tests')
-rw-r--r--server/tests/api/activitypub/security.ts21
1 files changed, 20 insertions, 1 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index ac4bc7c6a..e6002b661 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -99,13 +99,32 @@ describe('Test ActivityPub security', function () {
99 expect(response.statusCode).to.equal(403) 99 expect(response.statusCode).to.equal(403)
100 }) 100 })
101 101
102 it('Should succeed with a valid HTTP signature', async function () { 102 it('Should reject requests without appropriate signed headers', async function () {
103 await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) 103 await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
104 await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) 104 await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
105 105
106 const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) 106 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
107 const headers = buildGlobalHeaders(body) 107 const headers = buildGlobalHeaders(body)
108 108
109 const signatureOptions = baseHttpSignature()
110 const badHeadersMatrix = [
111 [ '(request-target)', 'date', 'digest' ],
112 [ 'host', 'date', 'digest' ],
113 [ '(request-target)', 'host', 'digest' ]
114 ]
115
116 for (const badHeaders of badHeadersMatrix) {
117 signatureOptions.headers = badHeaders
118
119 const { response } = await makePOSTAPRequest(url, body, signatureOptions, headers)
120 expect(response.statusCode).to.equal(403)
121 }
122 })
123
124 it('Should succeed with a valid HTTP signature', async function () {
125 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
126 const headers = buildGlobalHeaders(body)
127
109 const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) 128 const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
110 129
111 expect(response.statusCode).to.equal(204) 130 expect(response.statusCode).to.equal(204)