From df66d81583e07ce049daeeef1edc6a87b57b3684 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Tue, 23 Oct 2018 11:38:48 +0200
Subject: Add compatibility with other Linked Signature algorithms
---
 server/tests/api/activitypub/security.ts | 180 +++++++++++++++++++++++++++++++
 1 file changed, 180 insertions(+)
 create mode 100644 server/tests/api/activitypub/security.ts
(limited to 'server/tests/api/activitypub/security.ts')
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
new file mode 100644
index 000000000..c5428abbb
--- /dev/null
+++ b/server/tests/api/activitypub/security.ts
@@ -0,0 +1,180 @@
+/* tslint:disable:no-unused-expression */
+
+import 'mocha'
+
+import { flushAndRunMultipleServers, flushTests, killallServers, makeAPRequest, makeFollowRequest, ServerInfo } from '../../utils'
+import { HTTP_SIGNATURE } from '../../../initializers'
+import { buildDigest, buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
+import * as chai from 'chai'
+import { setActorField } from '../../utils/miscs/sql'
+import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
+
+const expect = chai.expect
+
+function setKeysOfServer2 (serverNumber: number, publicKey: string, privateKey: string) {
+ return Promise.all([
+ setActorField(serverNumber, 'http://localhost:9002/accounts/peertube', 'publicKey', publicKey),
+ setActorField(serverNumber, 'http://localhost:9002/accounts/peertube', 'privateKey', privateKey)
+ ])
+}
+
+function setKeysOfServer3 (serverNumber: number, publicKey: string, privateKey: string) {
+ return Promise.all([
+ setActorField(serverNumber, 'http://localhost:9003/accounts/peertube', 'publicKey', publicKey),
+ setActorField(serverNumber, 'http://localhost:9003/accounts/peertube', 'privateKey', privateKey)
+ ])
+}
+
+describe('Test ActivityPub security', function () {
+ let servers: ServerInfo[]
+ let url: string
+
+ const keys = require('./json/peertube/keys.json')
+ const invalidKeys = require('./json/peertube/invalid-keys.json')
+ const baseHttpSignature = {
+ algorithm: HTTP_SIGNATURE.ALGORITHM,
+ authorizationHeaderName: HTTP_SIGNATURE.HEADER_NAME,
+ keyId: 'acct:peertube@localhost:9002',
+ key: keys.privateKey,
+ headers: HTTP_SIGNATURE.HEADERS_TO_SIGN
+ }
+
+ // ---------------------------------------------------------------
+
+ before(async function () {
+ this.timeout(60000)
+
+ servers = await flushAndRunMultipleServers(3)
+
+ url = servers[0].url + '/inbox'
+
+ await setKeysOfServer2(1, keys.publicKey, keys.privateKey)
+
+ const to = { url: 'http://localhost:9001/accounts/peertube' }
+ const by = { url: 'http://localhost:9002/accounts/peertube', privateKey: keys.privateKey }
+ await makeFollowRequest(to, by)
+ })
+
+ describe('When checking HTTP signature', function () {
+
+ it('Should fail with an invalid digest', async function () {
+ const body = activityPubContextify(require('./json/peertube/announce-without-context.json'))
+ const headers = {
+ Digest: buildDigest({ hello: 'coucou' })
+ }
+
+ const { response } = await makeAPRequest(url, body, baseHttpSignature, headers)
+
+ expect(response.statusCode).to.equal(403)
+ })
+
+ it('Should fail with an invalid date', async function () {
+ const body = activityPubContextify(require('./json/peertube/announce-without-context.json'))
+ const headers = buildGlobalHeaders(body)
+ headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'
+
+ const { response } = await makeAPRequest(url, body, baseHttpSignature, headers)
+
+ expect(response.statusCode).to.equal(403)
+ })
+
+ it('Should fail with bad keys', async function () {
+ await setKeysOfServer2(1, invalidKeys.publicKey, invalidKeys.privateKey)
+ await setKeysOfServer2(2, invalidKeys.publicKey, invalidKeys.privateKey)
+
+ const body = activityPubContextify(require('./json/peertube/announce-without-context.json'))
+ const headers = buildGlobalHeaders(body)
+
+ const { response } = await makeAPRequest(url, body, baseHttpSignature, headers)
+
+ expect(response.statusCode).to.equal(403)
+ })
+
+ it('Should succeed with a valid HTTP signature', async function () {
+ await setKeysOfServer2(1, keys.publicKey, keys.privateKey)
+ await setKeysOfServer2(2, keys.publicKey, keys.privateKey)
+
+ const body = activityPubContextify(require('./json/peertube/announce-without-context.json'))
+ const headers = buildGlobalHeaders(body)
+
+ const { response } = await makeAPRequest(url, body, baseHttpSignature, headers)
+
+ expect(response.statusCode).to.equal(204)
+ })
+ })
+
+ describe('When checking Linked Data Signature', function () {
+ before(async () => {
+ await setKeysOfServer3(3, keys.publicKey, keys.privateKey)
+
+ const to = { url: 'http://localhost:9001/accounts/peertube' }
+ const by = { url: 'http://localhost:9003/accounts/peertube', privateKey: keys.privateKey }
+ await makeFollowRequest(to, by)
+ })
+
+ it('Should fail with bad keys', async function () {
+ this.timeout(10000)
+
+ await setKeysOfServer3(1, invalidKeys.publicKey, invalidKeys.privateKey)
+ await setKeysOfServer3(3, invalidKeys.publicKey, invalidKeys.privateKey)
+
+ const body = require('./json/peertube/announce-without-context.json')
+ body.actor = 'http://localhost:9003/accounts/peertube'
+
+ const signer: any = { privateKey: invalidKeys.privateKey, url: 'http://localhost:9003/accounts/peertube' }
+ const signedBody = await buildSignedActivity(signer, body)
+
+ const headers = buildGlobalHeaders(signedBody)
+
+ const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers)
+
+ expect(response.statusCode).to.equal(403)
+ })
+
+ it('Should fail with an altered body', async function () {
+ this.timeout(10000)
+
+ await setKeysOfServer3(1, keys.publicKey, keys.privateKey)
+ await setKeysOfServer3(3, keys.publicKey, keys.privateKey)
+
+ const body = require('./json/peertube/announce-without-context.json')
+ body.actor = 'http://localhost:9003/accounts/peertube'
+
+ const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:9003/accounts/peertube' }
+ const signedBody = await buildSignedActivity(signer, body)
+
+ signedBody.actor = 'http://localhost:9003/account/peertube'
+
+ const headers = buildGlobalHeaders(signedBody)
+
+ const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers)
+
+ expect(response.statusCode).to.equal(403)
+ })
+
+ it('Should succeed with a valid signature', async function () {
+ this.timeout(10000)
+
+ const body = require('./json/peertube/announce-without-context.json')
+ body.actor = 'http://localhost:9003/accounts/peertube'
+
+ const signer: any = { privateKey: keys.privateKey, url: 'http://localhost:9003/accounts/peertube' }
+ const signedBody = await buildSignedActivity(signer, body)
+
+ const headers = buildGlobalHeaders(signedBody)
+
+ const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers)
+
+ expect(response.statusCode).to.equal(204)
+ })
+ })
+
+ after(async function () {
+ killallServers(servers)
+
+ // Keep the logs if the test failed
+ if (this['ok']) {
+ await flushTests()
+ }
+ })
+})
-- 
cgit v1.2.3
From 5c6d985faeef1d6793d3f44ca6374f1a9b722806 Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Wed, 14 Nov 2018 15:01:28 +0100
Subject: Check activities host
---
 server/tests/api/activitypub/security.ts | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)
(limited to 'server/tests/api/activitypub/security.ts')
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index c5428abbb..e7899bb14 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -2,7 +2,7 @@
 
 import 'mocha'
 
-import { flushAndRunMultipleServers, flushTests, killallServers, makeAPRequest, makeFollowRequest, ServerInfo } from '../../utils'
+import { flushAndRunMultipleServers, flushTests, killallServers, makePOSTAPRequest, makeFollowRequest, ServerInfo } from '../../utils'
 import { HTTP_SIGNATURE } from '../../../initializers'
 import { buildDigest, buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
 import * as chai from 'chai'
@@ -63,7 +63,7 @@ describe('Test ActivityPub security', function () {
 Digest: buildDigest({ hello: 'coucou' })
 }
 
- const { response } = await makeAPRequest(url, body, baseHttpSignature, headers)
+ const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers)
 
 expect(response.statusCode).to.equal(403)
 })
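Review bot: In 'Should fail with an altered body' the only field changed after signing is `actor` (`signedBody.actor = 'http://localhost:9003/account/peertube'`), and the actor URL is presumably also what the receiving server uses to look up the verification key, so the expected 403 can come from failing to resolve that actor rather than from the Linked Data signature failing to verify. Tampering with a field that plays no part in key lookup, while leaving `actor` intact, would tie the rejection to signature verification itself. The fixture is also shared: `require('./json/peertube/announce-without-context.json')` returns the same cached object each time, so `body.actor = ...` carries over between tests, and 'Should succeed with a valid signature' relies on the previous test having restored the valid keys on servers 1 and 3. Cloning the fixture per test, e.g. `const body = JSON.parse(JSON.stringify(require('./json/peertube/announce-without-context.json')))`, and repeating the two `setKeysOfServer3(..., keys.publicKey, keys.privateKey)` calls in the success case would keep the three cases independent.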
@@ -73,7 +73,7 @@ describe('Test ActivityPub security', function () {
 const headers = buildGlobalHeaders(body)
 headers['date'] = 'Wed, 21 Oct 2015 07:28:00 GMT'
 
- const { response } = await makeAPRequest(url, body, baseHttpSignature, headers)
+ const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers)
 
 expect(response.statusCode).to.equal(403)
 })
@@ -85,7 +85,7 @@ describe('Test ActivityPub security', function () {
 const body = activityPubContextify(require('./json/peertube/announce-without-context.json'))
 const headers = buildGlobalHeaders(body)
 
- const { response } = await makeAPRequest(url, body, baseHttpSignature, headers)
+ const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers)
 
 expect(response.statusCode).to.equal(403)
 })
@@ -97,7 +97,7 @@ describe('Test ActivityPub security', function () {
 const body = activityPubContextify(require('./json/peertube/announce-without-context.json'))
 const headers = buildGlobalHeaders(body)
 
- const { response } = await makeAPRequest(url, body, baseHttpSignature, headers)
+ const { response } = await makePOSTAPRequest(url, body, baseHttpSignature, headers)
 
 expect(response.statusCode).to.equal(204)
 })
@@ -126,7 +126,7 @@ describe('Test ActivityPub security', function () {
 
 const headers = buildGlobalHeaders(signedBody)
 
- const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers)
+ const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers)
 
 expect(response.statusCode).to.equal(403)
 })
@@ -147,7 +147,7 @@ describe('Test ActivityPub security', function () {
 
 const headers = buildGlobalHeaders(signedBody)
 
- const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers)
+ const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers)
 
 expect(response.statusCode).to.equal(403)
 })
@@ -163,7 +163,7 @@ describe('Test ActivityPub security', function () {
 
 const headers = buildGlobalHeaders(signedBody)
 
- const { response } = await makeAPRequest(url, signedBody, baseHttpSignature, headers)
+ const { response } = await makePOSTAPRequest(url, signedBody, baseHttpSignature, headers)
 
 expect(response.statusCode).to.equal(204)
 })
-- 
cgit v1.2.3
From 92e07c3b5d9dbf2febedb1b5b87ec676eb6d1ac8 Mon Sep 17 00:00:00 2001
From: buoyantair
Date: Fri, 16 Nov 2018 02:51:26 +0530
Subject: Fix dependency errors between modules
---
 server/tests/api/activitypub/security.ts | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)
(limited to 'server/tests/api/activitypub/security.ts')
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index e7899bb14..69b7c0148 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -2,7 +2,16 @@
 
 import 'mocha'
 
-import { flushAndRunMultipleServers, flushTests, killallServers, makePOSTAPRequest, makeFollowRequest, ServerInfo } from '../../utils'
+import {
+ flushAndRunMultipleServers,
+ flushTests,
+ killallServers,
+ ServerInfo
+} from '../../../../shared/utils'
+import {
+ makePOSTAPRequest,
+ makeFollowRequest,
+} from '../../utils/requests/activitypub'
 import { HTTP_SIGNATURE } from '../../../initializers'
 import { buildDigest, buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
 import * as chai from 'chai'
-- 
cgit v1.2.3
From d175a6f7ab9dd53e36f9f52769ac02dbfdc57e3e Mon Sep 17 00:00:00 2001
From: Chocobozzz
Date: Mon, 19 Nov 2018 17:08:18 +0100
Subject: Cleanup tests imports
---
 server/tests/api/activitypub/security.ts | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
(limited to 'server/tests/api/activitypub/security.ts')
diff --git a/server/tests/api/activitypub/security.ts b/server/tests/api/activitypub/security.ts
index e7899bb14..7349749f1 100644
--- a/server/tests/api/activitypub/security.ts
+++ b/server/tests/api/activitypub/security.ts
@@ -2,12 +2,13 @@
 
 import 'mocha'
 
-import { flushAndRunMultipleServers, flushTests, killallServers, makePOSTAPRequest, makeFollowRequest, ServerInfo } from '../../utils'
+import { flushAndRunMultipleServers, flushTests, killallServers, ServerInfo } from '../../utils'
 import { HTTP_SIGNATURE } from '../../../initializers'
 import { buildDigest, buildGlobalHeaders } from '../../../lib/job-queue/handlers/utils/activitypub-http-utils'
 import * as chai from 'chai'
 import { setActorField } from '../../utils/miscs/sql'
 import { activityPubContextify, buildSignedActivity } from '../../../helpers/activitypub'
+import { makeFollowRequest, makePOSTAPRequest } from '../../utils/requests/activitypub'
 
 const expect = chai.expect
 
-- 
cgit v1.2.3