closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
10750 Commits
4 Branches
567 MiB
Branch: closed-social-v3
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'closed-social-v3'
${ noResults }
mastodon/spec/controllers/concerns/signature_verification_spec.rb

165 lines
4.1 KiB
Raw Permalink Normal View History

HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Add HTTP signatures to all outgoing ActivityPub GET requests (#11284)
4 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Improve signature verification safeguards (#8959) * Downcase signed_headers string before building the signed string The HTTP Signatures draft does not mandate the “headers” field to be downcased, but mandates the header field names to be downcased in the signed string, which means that prior to this patch, Mastodon could fail to process signatures from some compliant clients. It also means that it would not actually check the Digest of non-compliant clients that wouldn't use a lowercased Digest field name. Thankfully, I don't know of any such client. * Revert "Remove dead code (#8919)" This reverts commit a00ce8c92c06f42109aad5cfe65d46862cf037bb. * Restore time window checking, change it to 12 hours By checking the Date header, we can prevent replaying old vulnerable signatures. The focus is to prevent replaying old vulnerable requests from software that has been fixed in the meantime, so a somewhat long window should be fine and accounts for timezone misconfiguration. * Escape users' URLs when formatting them Fixes possible HTML injection * Escape all string interpolations in Formatter class Slightly improve performance by reducing class allocations from repeated Formatter#encode calls * Fix code style issues
5 years ago
Change signature verification to ignore signatures with invalid host (#13033) Instead of returning a signature verification error, pretend there was no signature (i.e., this does not allow access to resources that need a valid signature), so public resources can still be fetched Fix #13011
4 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
Update Rails (#8141) * Update Rails * fix Update Rails
5 years ago
Add Digest header to requests with body, handle acct and URI keyId (#4565)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. 

  5. describe ApplicationController, type: :controller do
  6.   controller do
  7.     include SignatureVerification
  8. 

  9.     def success
  10.       head 200

  11.     end
  12. 

  13.     def alternative_success
  14.       head 200

  15.     end
  16.   end
  17. 

  18.   before do
  19.     routes.draw { match via: [:get, :post], 'success' => 'anonymous#success' }
  20.   end
  21. 

  22.   context 'without signature header' do
  23.     before do
  24.       get :success
  25.     end
  26. 

  27.     describe '#signed_request?' do
  28.       it 'returns false' do
  29.         expect(controller.signed_request?).to be false
  30.       end
  31.     end
  32. 

  33.     describe '#signed_request_account' do
  34.       it 'returns nil' do
  35.         expect(controller.signed_request_account).to be_nil
  36.       end
  37.     end
  38.   end
  39. 

  40.   context 'with signature header' do
  41.     let!(:author) { Fabricate(:account, domain: 'example.com', uri: 'https://example.com/actor') }
  42. 

  43.     context 'without body' do
  44.       before do
  45.         get :success
  46. 

  47.         fake_request = Request.new(:get, request.url)
  48.         fake_request.on_behalf_of(author)
  49. 

  50.         request.headers.merge!(fake_request.headers)
  51.       end
  52. 

  53.       describe '#signed_request?' do
  54.         it 'returns true' do
  55.           expect(controller.signed_request?).to be true
  56.         end
  57.       end
  58. 

  59.       describe '#signed_request_account' do
  60.         it 'returns an account' do
  61.           expect(controller.signed_request_account).to eq author
  62.         end
  63. 

  64.         it 'returns nil when path does not match' do
  65.           request.path = '/alternative-path'
  66.           expect(controller.signed_request_account).to be_nil
  67.         end
  68. 

  69.         it 'returns nil when method does not match' do
  70.           post :success
  71.           expect(controller.signed_request_account).to be_nil
  72.         end
  73.       end
  74.     end
  75. 

  76.     context 'with request older than a day' do
  77.       before do
  78.         get :success
  79. 

  80.         fake_request = Request.new(:get, request.url)
  81.         fake_request.add_headers({ 'Date' => 2.days.ago.utc.httpdate })
  82.         fake_request.on_behalf_of(author)
  83. 

  84.         request.headers.merge!(fake_request.headers)
  85.       end
  86. 

  87.       describe '#signed_request?' do
  88.         it 'returns true' do
  89.           expect(controller.signed_request?).to be true
  90.         end
  91.       end
  92. 

  93.       describe '#signed_request_account' do
  94.         it 'returns nil' do
  95.           expect(controller.signed_request_account).to be_nil
  96.         end
  97.       end
  98.     end
  99. 

  100.     context 'with inaccessible key' do
  101.       before do
  102.         get :success
  103. 

  104.         author = Fabricate(:account, domain: 'localhost:5000', uri: 'http://localhost:5000/actor')
  105.         fake_request = Request.new(:get, request.url)
  106.         fake_request.on_behalf_of(author)
  107.         author.destroy
  108. 

  109.         request.headers.merge!(fake_request.headers)
  110. 

  111.         stub_request(:get, 'http://localhost:5000/actor#main-key').to_raise(Mastodon::HostValidationError)
  112.       end
  113. 

  114.       describe '#signed_request?' do
  115.         it 'returns true' do
  116.           expect(controller.signed_request?).to be true
  117.         end
  118.       end
  119. 

  120.       describe '#signed_request_account' do
  121.         it 'returns nil' do
  122.           expect(controller.signed_request_account).to be_nil
  123.         end
  124.       end
  125.     end
  126. 

  127.     context 'with body' do
  128.       before do
  129.         post :success, body: 'Hello world'
  130. 

  131.         fake_request = Request.new(:post, request.url, body: 'Hello world')
  132.         fake_request.on_behalf_of(author)
  133. 

  134.         request.headers.merge!(fake_request.headers)
  135.       end
  136. 

  137.       describe '#signed_request?' do
  138.         it 'returns true' do
  139.           expect(controller.signed_request?).to be true
  140.         end
  141.       end
  142. 

  143.       describe '#signed_request_account' do
  144.         it 'returns an account' do
  145.           expect(controller.signed_request_account).to eq author
  146.         end
  147. 

  148.         it 'returns nil when path does not match' do
  149.           request.path = '/alternative-path'
  150.           expect(controller.signed_request_account).to be_nil
  151.         end
  152. 

  153.         it 'returns nil when method does not match' do
  154.           get :success
  155.           expect(controller.signed_request_account).to be_nil
  156.         end
  157. 

  158.         it 'returns nil when body has been tampered' do
  159.           post :success, body: 'doo doo doo'
  160.           expect(controller.signed_request_account).to be_nil
  161.         end
  162.       end
  163.     end
  164.   end
  165. end