hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Add failed-signature retry regression tests

Browse source
This commit is contained in:
Lain Soykaf 2026-05-03 10:19:33 +04:00
commit 00dd1b5103
No known key found for this signature in database
4 changed files with 75 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/pleroma/web/activity_pub/object_validators/update_validator.ex
View file

@ -105,7 +105,7 @@ defmodule Pleroma.Web.ActivityPub.ObjectValidators.UpdateValidator do
cng cng
|> add_error(:object, "Can't be updated by this actor") |> add_error(:object, "Can't be updated by this actor")
true -> _ ->
cng cng
|> add_error(:object, "Update is neither for Object or Actor") |> add_error(:object, "Update is neither for Object or Actor")
end end

33
test/pleroma/web/activity_pub/activity_pub_controller_test.exs
View file

@ -819,6 +819,39 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
refute Activity.get_by_ap_id(data["id"]) refute Activity.get_by_ap_id(data["id"])
end end
test "does not delete an object after failed signature retry", %{conn: conn} do
alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://two.com/users/bob")
note = insert(:note)
object_id = note.data["id"]
data = %{
"type" => "Delete",
"actor" => bob.ap_id,
"id" => "https://two.com/activities/inbox-forged-delete",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => [],
"object" => object_id
}
expect_signature_retry_from(alice)
conn =
conn
|> assign(:valid_signature, false)
|> put_req_header("content-type", "application/activity+json")
|> put_req_header("signature", "keyId=\"https://one.com/users/alice#main-key\"")
|> post("/inbox", data)
assert "ok" == json_response(conn, 200)
assert [{:cancel, :actor_signature_mismatch}] =
ObanHelpers.perform(all_enqueued(worker: SignatureRetryWorker))
refute Activity.get_by_ap_id(data["id"])
assert %Object{data: %{"type" => "Note"}} = Object.get_by_ap_id(object_id)
end
test "does not create a forged post signed by a different actor", %{conn: conn} do test "does not create a forged post signed by a different actor", %{conn: conn} do
alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") bob = insert(:user, local: false, ap_id: "https://two.com/users/bob")

16
test/pleroma/workers/receiver_worker_test.exs
View file

@ -237,6 +237,22 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
refute Pleroma.Object.get_by_ap_id(object_id) refute Pleroma.Object.get_by_ap_id(object_id)
end end
test "fails closed for legacy retry jobs missing one metadata field" do
alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
params = insert(:note_activity).data
assert {:cancel, :missing_signature_retry_metadata} =
ReceiverWorker.perform(%Oban.Job{
args: %{
"op" => "incoming_ap_doc",
"method" => "POST",
"params" => params,
"req_headers" => signature_headers_for(alice),
"request_path" => "/inbox"
}
})
end
test "fails closed for malformed legacy metadata jobs without params" do test "fails closed for malformed legacy metadata jobs without params" do
assert {:cancel, :missing_signature_retry_metadata} = assert {:cancel, :missing_signature_retry_metadata} =
ReceiverWorker.perform(%Oban.Job{ ReceiverWorker.perform(%Oban.Job{

25
test/pleroma/workers/signature_retry_worker_test.exs
View file

@ -399,6 +399,31 @@ defmodule Pleroma.Workers.SignatureRetryWorkerTest do
assert_mismatched_signature_cancelled(create, alice) assert_mismatched_signature_cancelled(create, alice)
end end
test "cancels signature actor mismatch when payload actor is embedded" do
alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://two.com/users/bob")
create = %{
"type" => "Create",
"actor" => %{"id" => bob.ap_id},
"id" => "https://two.com/activities/embedded-actor-forged-create",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => [],
"object" => %{
"type" => "Note",
"id" => "https://two.com/objects/embedded-actor-forged-note",
"actor" => bob.ap_id,
"attributedTo" => bob.ap_id,
"content" => "forged post",
"published" => "2024-07-25T13:33:31Z",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => []
}
}
assert_mismatched_signature_cancelled(create, alice)
end
test "logs signature actor mismatch retry rejections" do test "logs signature actor mismatch retry rejections" do
alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://two.com/users/bob") bob = insert(:user, local: false, ap_id: "https://two.com/users/bob")