aboutsummaryrefslogtreecommitdiffhomepage
path: root/server
diff options
context:
space:
mode:
Diffstat (limited to 'server')
-rw-r--r--server/tests/api/activitypub/security.ts65
1 files changed, 58 insertions, 7 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index 55dcced15..8bde54a40 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -1,15 +1,21 @@
1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ 1/* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */
2 2
3import 'mocha' 3import 'mocha'
4
5import { cleanupTests, closeAllSequelize, flushAndRunMultipleServers, ServerInfo, setActorField } from '../../../../shared/extra-utils'
6import { HTTP_SIGNATURE } from '../../../initializers/constants'
7import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
8import * as chai from 'chai' 4import * as chai from 'chai'
9import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
10import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub'
11import { buildDigest } from '@server/helpers/peertube-crypto' 5import { buildDigest } from '@server/helpers/peertube-crypto'
12import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' 6import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes'
7import {
8 cleanupTests,
9 closeAllSequelize,
10 flushAndRunMultipleServers,
11 ServerInfo,
12 setActorField,
13 wait
14} from '../../../../shared/extra-utils'
15import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub'
16import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
17import { HTTP_SIGNATURE } from '../../../initializers/constants'
18import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
13 19
14const expect = chai.expect 20const expect = chai.expect
15 21
@@ -130,10 +136,32 @@ describe('Test ActivityPub security', function () {
130 136
131 expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) 137 expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
132 }) 138 })
139
140 it('Should refresh the actor keys', async function () {
141 this.timeout(20000)
142
143 // Wait refresh invalidation
144 await wait(10000)
145
146 // Update keys of server 2 to invalid keys
147 // Server 1 should refresh the actor and fail
148 await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey)
149
150 const body = activityPubContextify(getAnnounceWithoutContext(servers[1]))
151 const headers = buildGlobalHeaders(body)
152
153 const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers)
154
155 expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
156 })
133 }) 157 })
134 158
135 describe('When checking Linked Data Signature', function () { 159 describe('When checking Linked Data Signature', function () {
136 before(async () => { 160 before(async function () {
161 this.timeout(10000)
162
163 await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey)
164 await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey)
137 await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey) 165 await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey)
138 166
139 const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' } 167 const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' }
@@ -196,6 +224,29 @@ describe('Test ActivityPub security', function () {
196 224
197 expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) 225 expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204)
198 }) 226 })
227
228 it('Should refresh the actor keys', async function () {
229 this.timeout(20000)
230
231 // Wait refresh invalidation
232 await wait(10000)
233
234 // Update keys of server 3 to invalid keys
235 // Server 1 should refresh the actor and fail
236 await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey)
237
238 const body = getAnnounceWithoutContext(servers[1])
239 body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube'
240
241 const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' }
242 const signedBody = await buildSignedActivity(signer, body)
243
244 const headers = buildGlobalHeaders(signedBody)
245
246 const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers)
247
248 expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403)
249 })
199 }) 250 })
200 251
201 after(async function () { 252 after(async function () {