gnh1201/mastodon
1
0
Fork 0
mirror of https://github.com/mastodon/mastodon.git synced 2025-12-10 08:41:37 +00:00
Code Issues Actions 21 Packages Projects Releases Wiki Activity

Improve and add Update and Follow tests

Browse Source
This commit is contained in:
Angus McLeod 2024-05-23 16:18:45 +02:00
parent 4199a0de62
commit cc7e4479b5
3 changed files with 219 additions and 72 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

265
spec/requests/activitypub/inboxes_controller_spec.rb
View File

@ -3,6 +3,7 @@
require 'rails_helper' require 'rails_helper'
RSpec.describe ActivityPub::InboxesController do RSpec.describe ActivityPub::InboxesController do
let!(:current_datetime) { 'Wed, 20 Dec 2023 10:00:00 GMT' }
let!(:remote_actor_keypair) do let!(:remote_actor_keypair) do
OpenSSL::PKey.read(<<~PEM_TEXT) OpenSSL::PKey.read(<<~PEM_TEXT)
-----BEGIN RSA PRIVATE KEY----- -----BEGIN RSA PRIVATE KEY-----
@ -34,25 +35,27 @@ RSpec.describe ActivityPub::InboxesController do
-----END RSA PRIVATE KEY----- -----END RSA PRIVATE KEY-----
PEM_TEXT PEM_TEXT
end end
let(:remote_actor_original_username) { 'original_username' } let!(:remote_actor_inbox_url) { 'https://remote.domain/users/bob/inbox' }
let(:remote_actor) do let!(:remote_actor_original_username) { 'original_username' }
let!(:remote_actor) do
Fabricate(:account, Fabricate(:account,
domain: 'remote.domain', domain: 'remote.domain',
uri: 'https://remote.domain/users/bob', uri: 'https://remote.domain/users/bob',
private_key: nil, private_key: nil,
public_key: remote_actor_keypair.public_key.to_pem, public_key: remote_actor_keypair.public_key.to_pem,
username: remote_actor_original_username, username: remote_actor_original_username,
protocol: 1) # activitypub protocol: 1, # activitypub
inbox_url: remote_actor_inbox_url)
end end
let(:local_actor) { Fabricate(:account) } let!(:local_actor) { Fabricate(:account) }
let(:base_headers) do let!(:base_headers) do
{ {
'Host' => 'www.remote.domain', 'Host' => 'www.remote.domain',
'Date' => 'Wed, 20 Dec 2023 10:00:00 GMT', 'Date' => current_datetime,
} }
end end
let(:note_content) { 'Note from remote actor' } let!(:note_content) { 'note from remote actor' }
let(:object_json) do let!(:object_json) do
{ {
id: 'https://remote.domain/activities/objects/1', id: 'https://remote.domain/activities/objects/1',
type: 'Note', type: 'Note',
@ -60,46 +63,21 @@ RSpec.describe ActivityPub::InboxesController do
to: ActivityPub::TagManager.instance.uri_for(local_actor), to: ActivityPub::TagManager.instance.uri_for(local_actor),
} }
end end
let(:json) do
{
'@context': 'https://www.w3.org/ns/activitystreams',
id: 'https://remote.domain/activities/create/1',
type: 'Create',
actor: remote_actor_json[:id],
object: object_json,
}.with_indifferent_access
end
let(:digest_header) { digest_value(json.to_json) }
let(:signature_header) do
build_signature_string(
remote_actor_keypair,
'https://remote.domain/users/bob#main-key',
"post /users/#{local_actor.username}/inbox",
base_headers.merge(
'Digest' => digest_header
)
)
end
let(:headers) do
base_headers.merge(
'Digest' => digest_header,
'Signature' => signature_header
)
end
before do before do
travel_to '2023-12-20T10:00:00Z' Sidekiq::Testing.inline!
travel_to current_datetime
end end
context 'when remote actor username has changed' do context 'when remote actor username has changed' do
let(:remote_actor_new_username) { 'new_username' } let(:remote_actor_new_username) { 'new_username' }
let(:remote_actor_json) do let(:updated_remote_actor_json) do
{ {
'@context': 'https://www.w3.org/ns/activitystreams', '@context': 'https://www.w3.org/ns/activitystreams',
id: remote_actor.uri, id: remote_actor.uri,
type: 'Person', type: 'Person',
preferredUsername: remote_actor_new_username, preferredUsername: remote_actor_new_username,
inbox: "#{remote_actor.uri}#inbox", inbox: remote_actor.inbox_url,
publicKey: { publicKey: {
id: "#{remote_actor.uri}#main-key", id: "#{remote_actor.uri}#main-key",
owner: remote_actor.uri, owner: remote_actor.uri,
@ -111,7 +89,7 @@ RSpec.describe ActivityPub::InboxesController do
before do before do
stub_request(:get, 'https://remote.domain/users/bob#main-key') stub_request(:get, 'https://remote.domain/users/bob#main-key')
.to_return( .to_return(
body: remote_actor_json.to_json, body: updated_remote_actor_json.to_json,
headers: { headers: {
'Content-Type' => 'application/activity+json', 'Content-Type' => 'application/activity+json',
}, },
@ -119,7 +97,7 @@ RSpec.describe ActivityPub::InboxesController do
) )
stub_request(:get, 'https://remote.domain/users/bob') stub_request(:get, 'https://remote.domain/users/bob')
.to_return( .to_return(
body: remote_actor_json.to_json, body: updated_remote_actor_json.to_json,
headers: { headers: {
'Content-Type' => 'application/activity+json', 'Content-Type' => 'application/activity+json',
}, },
@ -127,26 +105,195 @@ RSpec.describe ActivityPub::InboxesController do
) )
end end
it 'successfuly processes note' do context 'with a create note' do
Sidekiq::Testing.inline! let(:json) do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers {
expect(response).to have_http_status(202) '@context': 'https://www.w3.org/ns/activitystreams',
expect(Status.exists?(uri: object_json[:id])).to be(true) id: 'https://remote.domain/activities/create/1',
# we don't expect the remote actor username to change type: 'Create',
expect(remote_actor.reload.username).to eq(remote_actor_original_username) actor: remote_actor.uri,
object: object_json,
}.with_indifferent_access
end
let(:digest_header) { digest_value(json.to_json) }
let(:signature_header) do
build_signature_string(
remote_actor_keypair,
'https://remote.domain/users/bob#main-key',
"post /users/#{local_actor.username}/inbox",
base_headers.merge(
'Digest' => digest_header
)
)
end
let(:headers) do
base_headers.merge(
'Digest' => digest_header,
'Signature' => signature_header
)
end
it 'creates the note' do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
expect(response).to have_http_status(202)
expect(Status.exists?(uri: object_json[:id])).to be(true)
end
it 'does not change the local record of the remote actor' do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
expect(remote_actor.reload.username).to eq(remote_actor_original_username)
end
end
context 'with an update note' do
let!(:status) do
Fabricate(:status,
uri: object_json[:id],
text: note_content,
account: remote_actor)
end
let(:updated_content) { 'updated note from remote actor' }
let(:json) do
{
'@context': 'https://www.w3.org/ns/activitystreams',
id: 'https://remote.domain/activities/update/1',
type: 'Update',
actor: remote_actor.uri,
object: object_json.merge(
updated: current_datetime,
content: updated_content
),
}.with_indifferent_access
end
let(:digest_header) { digest_value(json.to_json) }
let(:signature_header) do
build_signature_string(
remote_actor_keypair,
'https://remote.domain/users/bob#main-key',
"post /users/#{local_actor.username}/inbox",
base_headers.merge(
'Digest' => digest_header
)
)
end
let(:headers) do
base_headers.merge(
'Digest' => digest_header,
'Signature' => signature_header
)
end
it 'updates the Note' do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
expect(response).to have_http_status(202)
expect(Status.exists?(id: status.id, text: updated_content)).to be(true)
end
it 'does not change the local record of the remote actor' do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
expect(remote_actor.reload.username).to eq(remote_actor_original_username)
end
end
context 'with an update actor' do
let(:json) do
{
'@context': 'https://www.w3.org/ns/activitystreams',
id: 'https://remote.domain/activities/update/1',
type: 'Update',
actor: remote_actor.uri,
object: updated_remote_actor_json,
}.with_indifferent_access
end
let(:digest_header) { digest_value(json.to_json) }
let(:signature_header) do
build_signature_string(
remote_actor_keypair,
'https://remote.domain/users/bob#main-key',
"post /users/#{local_actor.username}/inbox",
base_headers.merge(
'Digest' => digest_header
)
)
end
let(:headers) do
base_headers.merge(
'Digest' => digest_header,
'Signature' => signature_header
)
end
it 'does not increase the number of accounts' do
expect do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
end.to(not_change { Account.count })
end
it 'does not update the remote actors username' do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
expect(response).to have_http_status(202)
expect(remote_actor.reload.username).to eq(remote_actor_original_username)
end
end
context 'with a follow' do
context 'when the remote actor is already following the actor' do
before do
remote_actor.follow!(local_actor)
stub_request(:post, remote_actor_inbox_url)
end
let(:json) do
{
'@context': 'https://www.w3.org/ns/activitystreams',
id: 'https://remote.domain/activities/update/1',
type: 'Follow',
actor: remote_actor.uri,
object: ActivityPub::TagManager.instance.uri_for(local_actor),
}.with_indifferent_access
end
let(:digest_header) { digest_value(json.to_json) }
let(:signature_header) do
build_signature_string(
remote_actor_keypair,
'https://remote.domain/users/bob#main-key',
"post /users/#{local_actor.username}/inbox",
base_headers.merge(
'Digest' => digest_header
)
)
end
let(:headers) do
base_headers.merge(
'Digest' => digest_header,
'Signature' => signature_header
)
end
it 'does not increase the number of accounts' do
expect do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
end.to(not_change { Account.count })
end
it 'does not increase the number of follows' do
expect do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
end.to(not_change { Follow.count })
end
it 'posts an acceptance to the remote actors inbox' do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
expect(
a_request(:post, remote_actor_inbox_url)
).to have_been_made.once
end
it 'does not change the local record of the remote actor' do
post "/users/#{local_actor.username}/inbox", params: json.to_json, headers: headers
expect(remote_actor.reload.username).to eq(remote_actor_original_username)
end
end
end end
end end
def build_signature_string(keypair, key_id, request_target, headers)
algorithm = 'rsa-sha256'
signed_headers = headers.merge({ '(request-target)' => request_target })
signed_string = signed_headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string))
"keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers.keys.join(' ').downcase}\",signature=\"#{signature}\""
end
def digest_value(body)
"SHA-256=#{Digest::SHA256.base64digest(body)}"
end
end end

13
spec/requests/signature_verification_spec.rb
View File

@ -382,17 +382,4 @@ RSpec.describe 'signature verification concern' do
alias_method :signature_required, :success alias_method :signature_required, :success
end end
end end
def digest_value(body)
"SHA-256=#{Digest::SHA256.base64digest(body)}"
end
def build_signature_string(keypair, key_id, request_target, headers)
algorithm = 'rsa-sha256'
signed_headers = headers.merge({ '(request-target)' => request_target })
signed_string = signed_headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string))
"keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers.keys.join(' ').downcase}\",signature=\"#{signature}\""
end
end end

13
spec/support/signed_request_helpers.rb
View File

@ -1,6 +1,19 @@
# frozen_string_literal: true # frozen_string_literal: true
module SignedRequestHelpers module SignedRequestHelpers
def digest_value(body)
"SHA-256=#{Digest::SHA256.base64digest(body)}"
end
def build_signature_string(keypair, key_id, request_target, headers)
algorithm = 'rsa-sha256'
signed_headers = headers.merge({ '(request-target)' => request_target })
signed_string = signed_headers.map { |key, value| "#{key.downcase}: #{value}" }.join("\n")
signature = Base64.strict_encode64(keypair.sign(OpenSSL::Digest.new('SHA256'), signed_string))
"keyId=\"#{key_id}\",algorithm=\"#{algorithm}\",headers=\"#{signed_headers.keys.join(' ').downcase}\",signature=\"#{signature}\""
end
def get(path, headers: nil, sign_with: nil, **args) def get(path, headers: nil, sign_with: nil, **args)
return super(path, headers: headers, **args) if sign_with.nil? return super(path, headers: headers, **args) if sign_with.nil?