nekobus
/
mastodon_neko
forked from closed-social/mastodon
1
0
Fork 0
Code Issues 0 Pull Requests 0 Projects 0 Releases 0 Wiki Activity
闭社主体 forked from https://github.com/tootsuite/mastodon
You can not select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
3604 Commits
2 Branches
112 MiB
Tree: 681c33d1f4
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '681c33d1f4'
${ noResults }
mastodon_neko/spec/controllers/concerns/signature_verification_spec.rb

74 lines
1.5 KiB
Raw Normal View History

HTTP signatures (#4146) * Add Request class with HTTP signature generator Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06 * Add HTTP signature verification concern * Add test for SignatureVerification concern * Add basic test for Request class * Make PuSH subscribe/unsubscribe requests use new Request class Accidentally fix lease_seconds not being set and sent properly, and change the new minimum subscription duration to 1 day * Make all PuSH workers use new Request class * Make Salmon sender use new Request class * Make FetchLinkService use new Request class * Make FetchAtomService use the new Request class * Make Remotable use the new Request class * Make ResolveRemoteAccountService use the new Request class * Add more tests * Allow +-30 seconds window for signed request to remain valid * Disable time window validation for signed requests, restore 7 days as PuSH subscription duration (which was previous default due to a bug)
7 years ago
 
  1. # frozen_string_literal: true
  2. 

  3. require 'rails_helper'
  4. 

  5. describe ApplicationController, type: :controller do
  6.   controller do
  7.     include SignatureVerification
  8. 

  9.     def success
  10.       head 200

  11.     end
  12. 

  13.     def alternative_success
  14.       head 200

  15.     end
  16.   end
  17. 

  18.   before do
  19.     routes.draw { get 'success' => 'anonymous#success' }
  20.   end
  21. 

  22.   context 'without signature header' do
  23.     before do
  24.       get :success
  25.     end
  26. 

  27.     describe '#signed_request?' do
  28.       it 'returns false' do
  29.         expect(controller.signed_request?).to be false
  30.       end
  31.     end
  32. 

  33.     describe '#signed_request_account' do
  34.       it 'returns nil' do
  35.         expect(controller.signed_request_account).to be_nil
  36.       end
  37.     end
  38.   end
  39. 

  40.   context 'with signature header' do
  41.     let!(:author) { Fabricate(:account) }
  42. 

  43.     before do
  44.       get :success
  45. 

  46.       fake_request = Request.new(:get, request.url)
  47.       fake_request.on_behalf_of(author)
  48. 

  49.       request.headers.merge!(fake_request.headers)
  50.     end
  51. 

  52.     describe '#signed_request?' do
  53.       it 'returns true' do
  54.         expect(controller.signed_request?).to be true
  55.       end
  56.     end
  57. 

  58.     describe '#signed_request_account' do
  59.       it 'returns an account' do
  60.         expect(controller.signed_request_account).to eq author
  61.       end
  62. 

  63.       it 'returns nil when path does not match' do
  64.         request.path = '/alternative-path'
  65.         expect(controller.signed_request_account).to be_nil
  66.       end
  67. 

  68.       it 'returns nil when method does not match' do
  69.         post :success
  70.         expect(controller.signed_request_account).to be_nil
  71.       end
  72.     end
  73.   end
  74. end