SignatureRetryWorker: add mismatched host test, fix tests

Phantasm 2026-05-13 00:33:09 +02:00
commit c19bdf3814
No known key found for this signature in database
GPG key ID: 2669E588BCC634C8


@ -16,12 +16,13 @@ defmodule Pleroma.Workers.SignatureRetryWorkerTest do
alias Pleroma.Signature alias Pleroma.Signature
alias Pleroma.User alias Pleroma.User
alias Pleroma.Web.ActivityPub.UserView alias Pleroma.Web.ActivityPub.UserView
alias Pleroma.Web.Endpoint
alias Pleroma.Web.Federator alias Pleroma.Web.Federator
alias Pleroma.Workers.SignatureRetryWorker alias Pleroma.Workers.SignatureRetryWorker
defp signature_headers_for(%User{} = signer) do defp signature_headers_for(%User{} = signer) do
[ [
{"host", "local.test"}, {"host", "#{URI.parse(Endpoint.url()).host}"},
{"date", "Thu, 25 Jul 2024 13:33:31 GMT"}, {"date", "Thu, 25 Jul 2024 13:33:31 GMT"},
{"digest", "SHA-256=fake-digest"}, {"digest", "SHA-256=fake-digest"},
{"content-type", "application/activity+json"}, {"content-type", "application/activity+json"},
@ -245,6 +246,65 @@ defmodule Pleroma.Workers.SignatureRetryWorkerTest do
refute Activity.get_by_ap_id(create["id"]) refute Activity.get_by_ap_id(create["id"])
end end
test "cancels when the Host header does not match Endpoint" do
alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
create = %{
"type" => "Create",
"actor" => alice.ap_id,
"id" => "https://one.com/activities/invalid-signature-create",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => [],
"object" => %{
"type" => "Note",
"id" => "https://one.com/objects/invalid-signature-note",
"actor" => alice.ap_id,
"attributedTo" => alice.ap_id,
"content" => "forged post",
"published" => "2024-07-25T13:33:31Z",
"to" => ["https://www.w3.org/ns/activitystreams#Public"],
"cc" => []
}
}
expect_signature_from(alice)
headers =
[
{"host", "invalid.example.com"},
{"date", "Thu, 25 Jul 2024 13:33:31 GMT"},
{"digest", "SHA-256=fake-digest"},
{"content-type", "application/activity+json"},
{
"signature",
"keyId=\"#{alice.ap_id}#main-key\",algorithm=\"rsa-sha256\",headers=\"(request-target) host date digest content-type\",signature=\"fake-signature\""
}
]
assert {:ok, oban_job} = Federator.incoming_failed_signature_ap_doc(%{
method: "POST",
req_headers: headers,
request_path: "/inbox",
params: create,
query_string: ""
})
log =
capture_log([level: :warning], fn ->
assert {:cancel, :host_header_mismatch} = SignatureRetryWorker.perform(oban_job)
end)
assert log =~ "Failed-signature inbox retry rejected"
assert log =~ "reason=:host_header_mismatch"
assert log =~ "payload_actor=\"https://one.com/users/alice\""
assert log =~ "signature_actor=\"https://one.com/users/alice\""
assert log =~ "activity_id=\"https://one.com/activities/invalid-signature-create\""
assert log =~ "type=\"Create\""
assert log =~ "request_path=\"/inbox\""
refute Activity.get_by_ap_id(create["id"])
end
test "processes the activity after refetching a valid matching signature" do test "processes the activity after refetching a valid matching signature" do
alice = insert(:user, local: false, ap_id: "https://one.com/users/alice") alice = insert(:user, local: false, ap_id: "https://one.com/users/alice")
@ -309,11 +369,11 @@ defmodule Pleroma.Workers.SignatureRetryWorkerTest do
"content-type" => "application/activity+json", "content-type" => "application/activity+json",
date: date, date: date,
digest: digest, digest: digest,
host: "local.test" host: "#{URI.parse(Endpoint.url()).host}"
}) })
req_headers = [ req_headers = [
["host", "local.test"], ["host", "#{URI.parse(Endpoint.url()).host}"],
["date", date], ["date", date],
["digest", digest], ["digest", digest],
["content-type", "application/activity+json"], ["content-type", "application/activity+json"],
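Review bot: The new "cancels when the Host header does not match Endpoint" test rejects only a wholly unrelated hostname (`invalid.example.com`), so the edges of the host check stay unpinned: a request with no `host` header at all, a host that differs only in letter case, and a `host:port` value are not exercised. The worker's comparison is not visible on this page, so which of those should return `{:cancel, :host_header_mismatch}` is for the author to decide, but running the same test body over a short list of `{host_value, expected_result}` pairs would record that decision. Separately, `"#{URI.parse(Endpoint.url()).host}"` now appears three times (the `signature_headers_for/1` fixture and both places in the last hunk), and the string interpolation adds nothing when the endpoint URL has a host; a private helper such as `defp endpoint_host, do: URI.parse(Endpoint.url()).host` would keep the fixtures consistent with each other. The enclosing test in the last hunk starts and ends outside the visible lines.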