hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Use Mox in spoofing regression tests

Browse source
This commit is contained in:
Lain Soykaf 2026-04-30 15:36:55 +04:00
commit 9c540995b4
No known key found for this signature in database
2 changed files with 136 additions and 41 deletions
Download patch file Download diff file Expand all files Collapse all files

86
test/pleroma/web/activity_pub/activity_pub_controller_test.exs
View file

@ -794,6 +794,92 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
refute Activity.get_by_ap_id(data["id"]) refute Activity.get_by_ap_id(data["id"])
end end
test "does not create a forged post signed by a different actor", %{conn: conn} do
alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
object_id = "https://example.com/objects/inbox-signed-forged-note"
data = %{
"@context" => "https://www.w3.org/ns/activitystreams",
"type" => "Create",
"actor" => bob.ap_id,
"id" => "https://example.com/activities/inbox-signed-forged-create",
"context" => "https://example.com/contexts/inbox-signed-forged-create",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => [],
"object" => %{
"type" => "Note",
"id" => object_id,
"actor" => bob.ap_id,
"attributedTo" => bob.ap_id,
"context" => "https://example.com/contexts/inbox-signed-forged-create",
"content" => "forged post",
"published" => "2024-07-25T13:33:31Z",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => []
}
}
Mox.expect(Pleroma.StubbedHTTPSignaturesMock, :validate_conn, fn _conn -> true end)
conn =
conn
|> put_req_header("content-type", "application/activity+json")
|> put_req_header("date", "Thu, 25 Jul 2024 13:33:31 GMT")
|> put_req_header("digest", "SHA-256=fake-digest")
|> put_req_header(
"signature",
"keyId=\"#{alice.ap_id}#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"fake-signature\""
)
|> post("/inbox", data)
assert conn.assigns.valid_signature == false
assert "ok" == json_response(conn, 200)
assert [{:cancel, :actor_signature_mismatch}] =
ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
refute Activity.get_by_ap_id(data["id"])
refute Object.get_by_ap_id(object_id)
end
test "does not create a forged like signed by a different actor", %{conn: conn} do
alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
note = insert(:note)
data = %{
"@context" => "https://www.w3.org/ns/activitystreams",
"type" => "Like",
"actor" => bob.ap_id,
"id" => "https://example.com/activities/inbox-signed-forged-like",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => [],
"object" => note.data["id"]
}
Mox.expect(Pleroma.StubbedHTTPSignaturesMock, :validate_conn, fn _conn -> true end)
conn =
conn
|> put_req_header("content-type", "application/activity+json")
|> put_req_header("date", "Thu, 25 Jul 2024 13:33:31 GMT")
|> put_req_header("digest", "SHA-256=fake-digest")
|> put_req_header(
"signature",
"keyId=\"#{alice.ap_id}#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"fake-signature\""
)
|> post("/inbox", data)
assert conn.assigns.valid_signature == false
assert "ok" == json_response(conn, 200)
assert [{:cancel, :actor_signature_mismatch}] =
ObanHelpers.perform(all_enqueued(worker: ReceiverWorker))
refute Activity.get_by_ap_id(data["id"])
end
test "accept follow activity", %{conn: conn} do test "accept follow activity", %{conn: conn} do
clear_config([:instance, :federating], true) clear_config([:instance, :federating], true)
relay = Relay.get_actor() relay = Relay.get_actor()

91
test/pleroma/workers/receiver_worker_test.exs
View file

@ -11,6 +11,7 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.CommonAPI alias Pleroma.Web.CommonAPI
alias Pleroma.Web.ActivityPub.UserView
alias Pleroma.Web.Federator alias Pleroma.Web.Federator
alias Pleroma.Workers.ReceiverWorker alias Pleroma.Workers.ReceiverWorker
@ -27,28 +28,34 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
] ]
end end
defp assert_mismatched_signature_cancelled(params) do defp expect_signature_from(%User{} = signer) do
with_mocks [ signer_json = UserView.render("user.json", %{user: signer}) |> Map.delete("featured")
{Pleroma.Signature, [:passthrough],
[
refetch_public_key: fn _conn -> {:ok, :fake_public_key} end,
validate_signature: fn _conn -> true end
]},
{Pleroma.Web.Federator, [:passthrough],
[perform: fn :incoming_ap_doc, _params -> {:ok, :processed} end]}
] do
assert {:ok, oban_job} =
Federator.incoming_ap_doc(%{
method: "POST",
req_headers: mismatched_signature_headers(),
request_path: "/inbox",
params: params,
query_string: ""
})
assert {:cancel, :actor_signature_mismatch} = ReceiverWorker.perform(oban_job) Tesla.Mock.mock(fn
refute called(Pleroma.Web.Federator.perform(:incoming_ap_doc, :_)) %{url: url} when url == signer.ap_id ->
end %Tesla.Env{
status: 200,
body: Jason.encode!(signer_json),
headers: HttpRequestMock.activitypub_object_headers()
}
end)
Mox.expect(Pleroma.StubbedHTTPSignaturesMock, :validate_conn, fn _conn -> true end)
end
defp assert_mismatched_signature_cancelled(params, signer) do
expect_signature_from(signer)
assert {:ok, oban_job} =
Federator.incoming_ap_doc(%{
method: "POST",
req_headers: mismatched_signature_headers(),
request_path: "/inbox",
params: params,
query_string: ""
})
assert {:cancel, :actor_signature_mismatch} = ReceiverWorker.perform(oban_job)
end end
test "it does not retry MRF reject" do test "it does not retry MRF reject" do
@ -341,7 +348,7 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
end end
test "cancels when signature actor does not match payload actor" do test "cancels when signature actor does not match payload actor" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
note = insert(:note, user: bob, object_local: false) note = insert(:note, user: bob, object_local: false)
@ -377,11 +384,9 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
} }
} }
with_mock Pleroma.Signature, [:passthrough], expect_signature_from(alice)
refetch_public_key: fn _conn -> {:ok, :fake_public_key} end,
validate_signature: fn _conn -> true end do assert {:cancel, :actor_signature_mismatch} = ReceiverWorker.perform(oban_job)
assert {:cancel, :actor_signature_mismatch} = ReceiverWorker.perform(oban_job)
end
end end
test "Federator preserves request metadata needed for ReceiverWorker signature checks" do test "Federator preserves request metadata needed for ReceiverWorker signature checks" do
@ -411,7 +416,7 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
end end
test "cancels signature actor mismatch through Federator-created jobs" do test "cancels signature actor mismatch through Federator-created jobs" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
note = insert(:note, user: bob, object_local: false) note = insert(:note, user: bob, object_local: false)
@ -425,11 +430,11 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
"object" => note.data "object" => note.data
} }
assert_mismatched_signature_cancelled(update) assert_mismatched_signature_cancelled(update, alice)
end end
test "cancels signature actor mismatch before processing a forged Create" do test "cancels signature actor mismatch before processing a forged Create" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
create = %{ create = %{
@ -450,11 +455,11 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
} }
} }
assert_mismatched_signature_cancelled(create) assert_mismatched_signature_cancelled(create, alice)
end end
test "cancels signature actor mismatch before actually creating a forged post" do test "cancels signature actor mismatch before actually creating a forged post" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
object_id = "https://example.com/objects/actually-forged-note" object_id = "https://example.com/objects/actually-forged-note"
@ -479,6 +484,8 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
} }
} }
expect_signature_from(alice)
assert {:ok, oban_job} = assert {:ok, oban_job} =
Federator.incoming_ap_doc(%{ Federator.incoming_ap_doc(%{
method: "POST", method: "POST",
@ -493,7 +500,7 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
end end
test "cancels signature actor mismatch before processing a forged Like" do test "cancels signature actor mismatch before processing a forged Like" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
note = insert(:note) note = insert(:note)
@ -506,11 +513,11 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
"object" => note.data["id"] "object" => note.data["id"]
} }
assert_mismatched_signature_cancelled(like) assert_mismatched_signature_cancelled(like, alice)
end end
test "cancels signature actor mismatch before actually creating a forged Like" do test "cancels signature actor mismatch before actually creating a forged Like" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
note = insert(:note) note = insert(:note)
@ -523,6 +530,8 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
"object" => note.data["id"] "object" => note.data["id"]
} }
expect_signature_from(alice)
assert {:ok, oban_job} = assert {:ok, oban_job} =
Federator.incoming_ap_doc(%{ Federator.incoming_ap_doc(%{
method: "POST", method: "POST",
@ -537,7 +546,7 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
end end
test "cancels signature actor mismatch before processing a forged Announce" do test "cancels signature actor mismatch before processing a forged Announce" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
note = insert(:note) note = insert(:note)
@ -550,11 +559,11 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
"object" => note.data["id"] "object" => note.data["id"]
} }
assert_mismatched_signature_cancelled(announce) assert_mismatched_signature_cancelled(announce, alice)
end end
test "cancels signature actor mismatch before processing a forged Follow" do test "cancels signature actor mismatch before processing a forged Follow" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
followed = insert(:user) followed = insert(:user)
@ -567,11 +576,11 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
"object" => followed.ap_id "object" => followed.ap_id
} }
assert_mismatched_signature_cancelled(follow) assert_mismatched_signature_cancelled(follow, alice)
end end
test "cancels signature actor mismatch before processing a forged Undo" do test "cancels signature actor mismatch before processing a forged Undo" do
_alice = insert(:user, local: false, ap_id: "https://example.com/users/alice") alice = insert(:user, local: false, ap_id: "https://example.com/users/alice")
bob = insert(:user, local: false, ap_id: "https://example.com/users/bob") bob = insert(:user, local: false, ap_id: "https://example.com/users/bob")
undo = %{ undo = %{
@ -583,6 +592,6 @@ defmodule Pleroma.Workers.ReceiverWorkerTest do
"object" => "https://example.com/activities/existing-bob-activity" "object" => "https://example.com/activities/existing-bob-activity"
} }
assert_mismatched_signature_cancelled(undo) assert_mismatched_signature_cancelled(undo, alice)
end end
end end