diff options
Diffstat (limited to 'server')
-rw-r--r-- | server/tests/api/activitypub/security.ts | 65 |
1 files changed, 58 insertions, 7 deletions
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts index 55dcced15..8bde54a40 100644 --- a/server/tests/api/activitypub/security.ts +++ b/server/tests/api/activitypub/security.ts | |||
@@ -1,15 +1,21 @@ | |||
1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ | 1 | /* eslint-disable @typescript-eslint/no-unused-expressions,@typescript-eslint/require-await */ |
2 | 2 | ||
3 | import 'mocha' | 3 | import 'mocha' |
4 | |||
5 | import { cleanupTests, closeAllSequelize, flushAndRunMultipleServers, ServerInfo, setActorField } from '../../../../shared/extra-utils' | ||
6 | import { HTTP_SIGNATURE } from '../../../initializers/constants' | ||
7 | import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils' | ||
8 | import * as chai from 'chai' | 4 | import * as chai from 'chai' |
9 | import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub' | ||
10 | import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub' | ||
11 | import { buildDigest } from '@server/helpers/peertube-crypto' | 5 | import { buildDigest } from '@server/helpers/peertube-crypto' |
12 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' | 6 | import { HttpStatusCode } from '../../../../shared/core-utils/miscs/http-error-codes' |
7 | import { | ||
8 | cleanupTests, | ||
9 | closeAllSequelize, | ||
10 | flushAndRunMultipleServers, | ||
11 | ServerInfo, | ||
12 | setActorField, | ||
13 | wait | ||
14 | } from '../../../../shared/extra-utils' | ||
15 | import { makeFollowRequest, makePOSTAPRequest } from '../../../../shared/extra-utils/requests/activitypub' | ||
16 | import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub' | ||
17 | import { HTTP_SIGNATURE } from '../../../initializers/constants' | ||
18 | import { buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils' | ||
13 | 19 | ||
14 | const expect = chai.expect | 20 | const expect = chai.expect |
15 | 21 | ||
@@ -130,10 +136,32 @@ describe('Test ActivityPub security', function () { | |||
130 | 136 | ||
131 | expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) | 137 | expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) |
132 | }) | 138 | }) |
139 | |||
140 | it('Should refresh the actor keys', async function () { | ||
141 | this.timeout(20000) | ||
142 | |||
143 | // Wait refresh invalidation | ||
144 | await wait(10000) | ||
145 | |||
146 | // Update keys of server 2 to invalid keys | ||
147 | // Server 1 should refresh the actor and fail | ||
148 | await setKeysOfServer(servers[1], servers[1], invalidKeys.publicKey, invalidKeys.privateKey) | ||
149 | |||
150 | const body = activityPubContextify(getAnnounceWithoutContext(servers[1])) | ||
151 | const headers = buildGlobalHeaders(body) | ||
152 | |||
153 | const { response } = await makePOSTAPRequest(url, body, baseHttpSignature(), headers) | ||
154 | |||
155 | expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
156 | }) | ||
133 | }) | 157 | }) |
134 | 158 | ||
135 | describe('When checking Linked Data Signature', function () { | 159 | describe('When checking Linked Data Signature', function () { |
136 | before(async () => { | 160 | before(async function () { |
161 | this.timeout(10000) | ||
162 | |||
163 | await setKeysOfServer(servers[0], servers[1], keys.publicKey, keys.privateKey) | ||
164 | await setKeysOfServer(servers[1], servers[1], keys.publicKey, keys.privateKey) | ||
137 | await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey) | 165 | await setKeysOfServer(servers[2], servers[2], keys.publicKey, keys.privateKey) |
138 | 166 | ||
139 | const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' } | 167 | const to = { url: 'http://localhost:' + servers[0].port + '/accounts/peertube' } |
@@ -196,6 +224,29 @@ describe('Test ActivityPub security', function () { | |||
196 | 224 | ||
197 | expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) | 225 | expect(response.statusCode).to.equal(HttpStatusCode.NO_CONTENT_204) |
198 | }) | 226 | }) |
227 | |||
228 | it('Should refresh the actor keys', async function () { | ||
229 | this.timeout(20000) | ||
230 | |||
231 | // Wait refresh invalidation | ||
232 | await wait(10000) | ||
233 | |||
234 | // Update keys of server 3 to invalid keys | ||
235 | // Server 1 should refresh the actor and fail | ||
236 | await setKeysOfServer(servers[2], servers[2], invalidKeys.publicKey, invalidKeys.privateKey) | ||
237 | |||
238 | const body = getAnnounceWithoutContext(servers[1]) | ||
239 | body.actor = 'http://localhost:' + servers[2].port + '/accounts/peertube' | ||
240 | |||
241 | const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:' + servers[2].port + '/accounts/peertube' } | ||
242 | const signedBody = await buildSignedActivity(signer, body) | ||
243 | |||
244 | const headers = buildGlobalHeaders(signedBody) | ||
245 | |||
246 | const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature(), headers) | ||
247 | |||
248 | expect(response.statusCode).to.equal(HttpStatusCode.FORBIDDEN_403) | ||
249 | }) | ||
199 | }) | 250 | }) |
200 | 251 | ||
201 | after(async function () { | 252 | after(async function () { |