nekobus
/
mastodon_neko
forked from closed-social/mastodon
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
闭社主体 forked from https://github.com/tootsuite/mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
5385 Commits
2 Branches
112 MiB
Tree: 5c7bed6bbc
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '5c7bed6bbc'
${ noResults }
mastodon_neko/spec/lib/request_spec.rb

133 lines
5.4 KiB
Raw Normal View History

HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
7 years ago
Validate HTTP response length while receiving (#6891) to_s method of HTTP::Response keeps blocking while it receives the whole content, no matter how it is big. This means it may waste time to receive unacceptably large files. It may also consume memory and disk in the process. This solves the inefficency by checking response length while receiving.
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
7 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
7 years ago
request: in the event of failure, try other IPs (#6761) (#6813) * request: in the event of failure, try other IPs (#6761) In the case where a name has multiple A/AAAA records, we should try subsequent records instead of immediately failing when we have a failure on the first IP address. This significantly improves delivery success when there are network connectivity problems affecting only IPv4 or IPv6. * fix method call style * request_spec: adjust test case to use Addrinfo * request: Request/open: move private addr check to within begin/rescue * request_spec: add case to test failover, fix exception check * Double Addrinfo.foreach so that it correctly yields instances
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
request: in the event of failure, try other IPs (#6761) (#6813) * request: in the event of failure, try other IPs (#6761) In the case where a name has multiple A/AAAA records, we should try subsequent records instead of immediately failing when we have a failure on the first IP address. This significantly improves delivery success when there are network connectivity problems affecting only IPv4 or IPv6. * fix method call style * request_spec: adjust test case to use Addrinfo * request: Request/open: move private addr check to within begin/rescue * request_spec: add case to test failover, fix exception check * Double Addrinfo.foreach so that it correctly yields instances
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
Close http connection in perform method of Request class (#6889) HTTP connections must be explicitly closed in many cases, and letting perform method close connections makes its callers less redundant and prevent them from forgetting to close connections.
6 years ago
Validate HTTP response length while receiving (#6891) to_s method of HTTP::Response keeps blocking while it receives the whole content, no matter how it is big. This means it may waste time to receive unacceptably large files. It may also consume memory and disk in the process. This solves the inefficency by checking response length while receiving.
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
7 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
request: in the event of failure, try other IPs (#6761) (#6813) * request: in the event of failure, try other IPs (#6761) In the case where a name has multiple A/AAAA records, we should try subsequent records instead of immediately failing when we have a failure on the first IP address. This significantly improves delivery success when there are network connectivity problems affecting only IPv4 or IPv6. * fix method call style * request_spec: adjust test case to use Addrinfo * request: Request/open: move private addr check to within begin/rescue * request_spec: add case to test failover, fix exception check * Double Addrinfo.foreach so that it correctly yields instances
6 years ago
Raise Mastodon::HostValidationError when host for HTTP request is private (#6410)
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
7 years ago
Validate HTTP response length while receiving (#6891) to_s method of HTTP::Response keeps blocking while it receives the whole content, no matter how it is big. This means it may waste time to receive unacceptably large files. It may also consume memory and disk in the process. This solves the inefficency by checking response length while receiving.
6 years ago
HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. require 'securerandom'
  5. 

  6. describe Request do
  7.   subject { Request.new(:get, 'http://example.com') }
  8. 

  9.   describe '#headers' do
  10.     it 'returns user agent' do
  11.       expect(subject.headers['User-Agent']).to be_present
  12.     end
  13. 

  14.     it 'returns the date header' do
  15.       expect(subject.headers['Date']).to be_present
  16.     end
  17. 

  18.     it 'returns the host header' do
  19.       expect(subject.headers['Host']).to be_present
  20.     end
  21. 

  22.     it 'does not return virtual request-target header' do
  23.       expect(subject.headers['(request-target)']).to be_nil
  24.     end
  25.   end
  26. 

  27.   describe '#on_behalf_of' do
  28.     it 'when used, adds signature header' do
  29.       subject.on_behalf_of(Fabricate(:account))
  30.       expect(subject.headers['Signature']).to be_present
  31.     end
  32.   end
  33. 

  34.   describe '#add_headers' do
  35.     it 'adds headers to the request' do
  36.       subject.add_headers('Test' => 'Foo')
  37.       expect(subject.headers['Test']).to eq 'Foo'
  38.     end
  39.   end
  40. 

  41.   describe '#perform' do
  42.     context 'with valid host' do
  43.       before { stub_request(:get, 'http://example.com') }
  44. 

  45.       it 'executes a HTTP request' do
  46.         expect { |block| subject.perform &block }.to yield_control
  47.         expect(a_request(:get, 'http://example.com')).to have_been_made.once
  48.       end
  49. 

  50.       it 'executes a HTTP request when the first address is private' do
  51.         allow(Addrinfo).to receive(:foreach).with('example.com', nil, nil, :SOCK_STREAM)
  52.                                             .and_yield(Addrinfo.new(["AF_INET", 0, "example.com", "0.0.0.0"], :PF_INET, :SOCK_STREAM))
  53.                                             .and_yield(Addrinfo.new(["AF_INET6", 0, "example.com", "2001:4860:4860::8844"], :PF_INET6, :SOCK_STREAM))
  54. 

  55.         expect { |block| subject.perform &block }.to yield_control
  56.         expect(a_request(:get, 'http://example.com')).to have_been_made.once
  57.       end
  58. 

  59.       it 'sets headers' do
  60.         expect { |block| subject.perform &block }.to yield_control
  61.         expect(a_request(:get, 'http://example.com').with(headers: subject.headers)).to have_been_made
  62.       end
  63. 

  64.       it 'closes underlaying connection' do
  65.         expect_any_instance_of(HTTP::Client).to receive(:close)
  66.         expect { |block| subject.perform &block }.to yield_control
  67.       end
  68. 

  69.       it 'returns response which implements body_with_limit' do
  70.         subject.perform do |response|
  71.           expect(response).to respond_to :body_with_limit
  72.         end
  73.       end
  74.     end
  75. 

  76.     context 'with private host' do
  77.       around do |example|
  78.         WebMock.disable!
  79.         example.run
  80.         WebMock.enable!
  81.       end
  82. 

  83.       it 'raises Mastodon::ValidationError' do
  84.         allow(Addrinfo).to receive(:foreach).with('example.com', nil, nil, :SOCK_STREAM)
  85.                                             .and_yield(Addrinfo.new(["AF_INET", 0, "example.com", "0.0.0.0"], :PF_INET, :SOCK_STREAM))
  86.                                             .and_yield(Addrinfo.new(["AF_INET6", 0, "example.com", "2001:db8::face"], :PF_INET6, :SOCK_STREAM))
  87.         expect{ subject.perform }.to raise_error Mastodon::ValidationError
  88.       end
  89.     end
  90.   end
  91. 

  92.   describe "response's body_with_limit method" do
  93.     it 'rejects body more than 1 megabyte by default' do
  94.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes))
  95.       expect { subject.perform { |response| response.body_with_limit } }.to raise_error Mastodon::LengthValidationError
  96.     end
  97. 

  98.     it 'accepts body less than 1 megabyte by default' do
  99.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.kilobytes))
  100.       expect { subject.perform { |response| response.body_with_limit } }.not_to raise_error
  101.     end
  102. 

  103.     it 'rejects body by given size' do
  104.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.kilobytes))
  105.       expect { subject.perform { |response| response.body_with_limit(1.kilobyte) } }.to raise_error Mastodon::LengthValidationError
  106.     end
  107. 

  108.     it 'rejects too large chunked body' do
  109.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes), headers: { 'Transfer-Encoding' => 'chunked' })
  110.       expect { subject.perform { |response| response.body_with_limit } }.to raise_error Mastodon::LengthValidationError
  111.     end
  112. 

  113.     it 'rejects too large monolithic body' do
  114.       stub_request(:any, 'http://example.com').to_return(body: SecureRandom.random_bytes(2.megabytes), headers: { 'Content-Length' => 2.megabytes })
  115.       expect { subject.perform { |response| response.body_with_limit } }.to raise_error Mastodon::LengthValidationError
  116.     end
  117. 

  118.     it 'uses binary encoding if Content-Type does not tell encoding' do
  119.       stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html' })
  120.       expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::BINARY
  121.     end
  122. 

  123.     it 'uses binary encoding if Content-Type tells unknown encoding' do
  124.       stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html; charset=unknown' })
  125.       expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::BINARY
  126.     end
  127. 

  128.     it 'uses encoding specified by Content-Type' do
  129.       stub_request(:any, 'http://example.com').to_return(body: '', headers: { 'Content-Type' => 'text/html; charset=UTF-8' })
  130.       expect(subject.perform { |response| response.body_with_limit.encoding }).to eq Encoding::UTF_8
  131.     end
  132.   end
  133. end