From d6d0ce72604ee450560916bb29297188579faa0e Mon Sep 17 00:00:00 2001 From: Phantasm Date: Tue, 12 May 2026 14:00:28 +0200 Subject: [PATCH] EnsureHostMatchesPlug: Add tests --- .../plugs/ensure_host_matches_plug_test.exs | 123 ++++++++++++++++++ 1 file changed, 123 insertions(+) create mode 100644 test/pleroma/web/plugs/ensure_host_matches_plug_test.exs diff --git a/test/pleroma/web/plugs/ensure_host_matches_plug_test.exs b/test/pleroma/web/plugs/ensure_host_matches_plug_test.exs new file mode 100644 index 000000000..fbebc21d9 --- /dev/null +++ b/test/pleroma/web/plugs/ensure_host_matches_plug_test.exs @@ -0,0 +1,123 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2026 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.Plugs.EnsureHostMatchesPlugTest do + use Pleroma.Web.ConnCase + + alias Pleroma.Web.Endpoint + alias Pleroma.Web.Plugs.EnsureHostMatchesPlug + + import Mock + import Plug.Conn + import Tesla.Mock + + setup do + mock(fn env -> apply(HttpRequestMock, :request, [env]) end) + :ok + end + + defp set_host(conn, host), do: %{conn | req_headers: conn.req_headers ++ [{"host", host}]} + + describe "EnsureHostMatchesPlug" do + setup do + conn = build_conn(:post, "/cofe") |> assign(:valid_signature, true) + [conn: conn] + end + + test "gracefully handles no Host header", %{conn: conn} do + conn = EnsureHostMatchesPlug.call(conn, %{}) + + assert conn.status == 400 + assert conn.halted == true + assert conn.resp_body == "Host header not provided" + end + + test "gracefully handles empty Host header", %{conn: conn} do + conn = + conn + |> set_host("") + |> EnsureHostMatchesPlug.call(%{}) + + assert conn.status == 400 + assert conn.halted == true + assert conn.resp_body == "Host header not provided" + end + + test "it rejects Host header not matching Endpoint URL", %{conn: conn} do + conn = + conn + |> set_host("invalid.example.com") + |> EnsureHostMatchesPlug.call(%{}) + + assert conn.status == 400 + assert conn.halted == true + assert conn.resp_body == "Host header does not match this instance" + end + + test "it rejects Host header not matching Endpoint port", %{conn: conn} do + endpoint = URI.parse(Endpoint.url()) + + conn = + conn + |> set_host("#{endpoint.host}:25") + |> EnsureHostMatchesPlug.call(%{}) + + assert conn.status == 400 + assert conn.halted == true + assert conn.resp_body == "Host header does not match this instance" + end + + test "it rejects multiple Host headers", %{conn: conn} do + conn = + conn + |> set_host("host1.example.com") + |> set_host("host2.example.com") + |> EnsureHostMatchesPlug.call(%{}) + + assert conn.status == 400 + assert conn.halted == true + assert conn.resp_body == "More than one Host header provided" + end + + test "it works for Host header with port as 80", %{conn: conn} do + endpoint = URI.parse(Endpoint.url()) + + conn = + conn + |> set_host("#{endpoint.host}:80") + |> EnsureHostMatchesPlug.call(%{}) + + assert conn.halted == false + assert Map.get(conn.assigns, :valid_host_header, nil) + end + + test "it works for Host header with port as 443", %{conn: conn} do + with_mock Pleroma.Web.Endpoint, url: fn -> "https://localhost:4001" end do + endpoint = URI.parse(Endpoint.url()) + + conn = + conn + |> set_host("#{endpoint.host}:443") + |> EnsureHostMatchesPlug.call(%{}) + + assert conn.halted == false + assert Map.get(conn.assigns, :valid_host_header, nil) + end + end + + test "it works for Host header with port as same as Endpoint (no reverse proxy config)", %{ + conn: conn + } do + endpoint = URI.parse(Endpoint.url()) + + conn = + conn + |> set_host("#{endpoint.host}:#{endpoint.port}") + |> EnsureHostMatchesPlug.call(%{}) + + assert conn.halted == false + assert Map.get(conn.assigns, :valid_host_header, nil) + end + end +end