closed-social
/
mastodon
3
0
Fork 2
Code Issues 5 Pull Requests 0 Projects 0 Releases 3 Wiki Activity
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
6332 Commits
4 Branches
567 MiB
Tree: fd8145d232
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from 'fd8145d232'
${ noResults }
mastodon/spec/lib/request_spec.rb

138 lines
5.2 KiB
Raw Normal View History

HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Validate HTTP response length while receiving (#6891) to_s method of HTTP::Response keeps blocking while it receives the whole content, no matter how it is big. This means it may waste time to receive unacceptably large files. It may also consume memory and disk in the process. This solves the inefficency by checking response length while receiving.
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
request: in the event of failure, try other IPs (#6761) (#6813) * request: in the event of failure, try other IPs (#6761) In the case where a name has multiple A/AAAA records, we should try subsequent records instead of immediately failing when we have a failure on the first IP address. This significantly improves delivery success when there are network connectivity problems affecting only IPv4 or IPv6. * fix method call style * request_spec: adjust test case to use Addrinfo * request: Request/open: move private addr check to within begin/rescue * request_spec: add case to test failover, fix exception check * Double Addrinfo.foreach so that it correctly yields instances
6 years ago
Fix connect timeout not being enforced (#9329) * Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
5 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
request: in the event of failure, try other IPs (#6761) (#6813) * request: in the event of failure, try other IPs (#6761) In the case where a name has multiple A/AAAA records, we should try subsequent records instead of immediately failing when we have a failure on the first IP address. This significantly improves delivery success when there are network connectivity problems affecting only IPv4 or IPv6. * fix method call style * request_spec: adjust test case to use Addrinfo * request: Request/open: move private addr check to within begin/rescue * request_spec: add case to test failover, fix exception check * Double Addrinfo.foreach so that it correctly yields instances
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
Validate HTTP response length while receiving (#6891) to_s method of HTTP::Response keeps blocking while it receives the whole content, no matter how it is big. This means it may waste time to receive unacceptably large files. It may also consume memory and disk in the process. This solves the inefficency by checking response length while receiving.
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Fix connect timeout not being enforced (#9329) * Fix connect timeout not being enforced The loop was catching the timeout exception that should stop execution, so the next IP would no longer be within a timed block, which led to requests taking much longer than 10 seconds. * Use timeout on each IP attempt, but limit to 2 attempts * Fix code style issue * Do not break Request#perform if no block given * Update method stub in spec for Request * Move timeout inside the begin/rescue block * Use Resolv::DNS with timeout of 1 to get IP addresses * Update Request spec to stub Resolv::DNS instead of Addrinfo * Fix Resolve::DNS stubs in Request spec
5 years ago
Lint pass (#8876)
5 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
Validate HTTP response length while receiving (#6891) to_s method of HTTP::Response keeps blocking while it receives the whole content, no matter how it is big. This means it may waste time to receive unacceptably large files. It may also consume memory and disk in the process. This solves the inefficency by checking response length while receiving.
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
6 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. require 'securerandom'
  5. 

  6. describe Request do
  7.   subject { Request.new(:get, 'http://example.com') }
  8. 

  9.   describe '#headers' do
  10.     it 'returns user agent' do
  11.       expect(subject.headers['User-Agent']).to be_present
  12.     end
  13. 

  14.     it 'returns the date header' do
  15.       expect(subject.headers['Date']).to be_present
  16.     end
  17. 

  18.     it 'returns the host header' do
  19.       expect(subject.headers['Host']).to be_present
  20.     end
  21. 

  22.     it 'does not return virtual request-target header' do
  23.       expect(subject.headers['(request-target)']).to be_nil
  24.     end
  25.   end
  26. 

  27.   describe '#on_behalf_of' do
  28.     it 'when used, adds signature header' do
  29.       subject.on_behalf_of(Fabricate(:account))
  30.       expect(subject.headers['Signature']).to be_present
  31.     end
  32.   end
  33. 

  34.   describe '#add_headers' do
  35.     it 'adds headers to the request' do
  36.       subject.add_headers('Test' => 'Foo')
  37.       expect(subject.headers['Test']).to eq 'Foo'
  38.     end
  39.   end
  40. 

  41.   describe '#perform' do
  42.     context 'with valid host' do
  43.       before { stub_request(:get, 'http://example.com') }
  44. 

  45.       it 'executes a HTTP request' do
  46.         expect { |block| subject.perform &block }.to yield_control
  47.         expect(a_request(:get, 'http://example.com')).to have_been_made.once
  48.       end
  49. 

  50.       it 'executes a HTTP request when the first address is private' do
  51.         resolver = double
  52. 

  53.         allow(resolver).to receive(:getaddresses).with('example.com').and_return(%w(0.0.0.0 2001:4860:4860::8844))
  54.         allow(resolver).to receive(:timeouts=).and_return(nil)
  55.         allow(Resolv::DNS).to receive(:open).and_yield(resolver)
  56. 

  57.         expect { |block| subject.perform &block }.to yield_control
  58.         expect(a_request(:get, 'http://example.com')).to have_been_made.once
  59.       end
  60. 

  61.       it 'sets headers' do
  62.         expect { |block| subject.perform &block }.to yield_control
  63.         expect(a_request(:get, 'http://example.com').with(headers: subject.headers)).to have_been_made
  64.       end
  65. 

  66.       it 'closes underlaying connection' do
  67.         expect_any_instance_of(HTTP::Client).to receive(:close)
  68.         expect { |block| subject.perform &block }.to yield_control
  69.       end
  70. 

  71.       it 'returns response which implements body_with_limit' do
  72.         subject.perform do |response|
  73.           expect(response).to respond_to :body_with_limit
  74.         end
  75.       end
  76.     end
  77. 

  78.     context 'with private host' do
  79.       around do |example|
  80.         WebMock.disable!
  81.         example.run
  82.         WebMock.enable!
  83.       end
  84. 

  85.       it 'raises Mastodon::ValidationError' do
  86.         resolver = double
  87. 

  88.         allow(resolver).to receive(:getaddresses).with('example.com').and_return(%w(0.0.0.0 2001:db8::face))
  89.         allow(resolver).to receive(:timeouts=).and_return(nil)
  90.         allow(Resolv::DNS).to receive(:open).and_yield(resolver)
  91. 

  92.         expect { subject.perform }.to raise_error Mastodon::ValidationError
  93.       end
  94.     end
  95.   end
  96. 

  97.   describe "response's body_with_limit method" do
  98.     it 'rejects body more than 1 megabyte by default' do
  99.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes))
  100.       expect { subject.perform { |response| response.body_with_limit } }.to raise_error Mastodon::LengthValidationError
  101.     end
  102. 

  103.     it 'accepts body less than 1 megabyte by default' do
  104.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.kilobytes))
  105.       expect { subject.perform { |response| response.body_with_limit } }.not_to raise_error
  106.     end
  107. 

  108.     it 'rejects body by given size' do
  109.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.kilobytes))
  110.       expect { subject.perform { |response| response.body_with_limit(1.kilobyte) } }.to raise_error Mastodon::LengthValidationError
  111.     end
  112. 

  113.     it 'rejects too large chunked body' do
  114.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes), headers: { 'Transfer-Encoding' => 'chunked' })
  115.       expect { subject.perform { |response| response.body_with_limit } }.to raise_error Mastodon::LengthValidationError
  116.     end
  117. 

  118.     it 'rejects too large monolithic body' do
  119.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes), headers: { 'Content-Length' => 2.megabytes })
  120.       expect { subject.perform { |response| response.body_with_limit } }.to raise_error Mastodon::LengthValidationError
  121.     end
  122. 

  123.     it 'uses binary encoding if Content-Type does not tell encoding' do
  124.       stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html' })
  125.       expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::BINARY
  126.     end
  127. 

  128.     it 'uses binary encoding if Content-Type tells unknown encoding' do
  129.       stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html; charset=unknown' })
  130.       expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::BINARY
  131.     end
  132. 

  133.     it 'uses encoding specified by Content-Type' do
  134.       stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html; charset=UTF-8' })
  135.       expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::UTF_8
  136.     end
  137.   end
  138. end