hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Signature: Treat HTTP signature errors as invalid

Browse source
This commit is contained in:
Lain Soykaf 2026-05-12 08:52:42 +04:00
commit 71afba4825
No known key found for this signature in database
2 changed files with 14 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

2
lib/pleroma/signature.ex
View file

@ -104,7 +104,7 @@ defmodule Pleroma.Signature do
|> put_req_header("(request-target)", request_target) |> put_req_header("(request-target)", request_target)
|> put_req_header("@request-target", request_target) |> put_req_header("@request-target", request_target)
@http_signatures_impl.validate_conn(conn) @http_signatures_impl.validate_conn(conn) == true
end end
@spec validate_signature(Plug.Conn.t()) :: boolean() @spec validate_signature(Plug.Conn.t()) :: boolean()

13
test/pleroma/signature_test.exs
View file

@ -11,6 +11,7 @@ defmodule Pleroma.SignatureTest do
import Mock import Mock
alias Pleroma.Signature alias Pleroma.Signature
alias Pleroma.StubbedHTTPSignaturesMock, as: HTTPSignaturesMock
setup do setup do
mock(fn env -> apply(HttpRequestMock, :request, [env]) end) mock(fn env -> apply(HttpRequestMock, :request, [env]) end)
@ -103,6 +104,18 @@ defmodule Pleroma.SignatureTest do
end end
end end
describe "validate_signature/1" do
test "treats HTTP signature errors as failed validation" do
conn = %Plug.Conn{method: "GET", request_path: "/inbox", req_headers: []}
Mox.expect(HTTPSignaturesMock, :validate_conn, fn _conn ->
{:error, :request_target_header}
end)
assert Signature.validate_signature(conn) == false
end
end
describe "key_id_to_actor_id/1" do describe "key_id_to_actor_id/1" do
test "it properly deduces the actor id for misskey" do test "it properly deduces the actor id for misskey" do
assert Signature.key_id_to_actor_id("https://example.com/users/1234/publickey") == assert Signature.key_id_to_actor_id("https://example.com/users/1234/publickey") ==