Fail faster.
This commit is contained in:
parent
1b57522bba
commit
0a14d155d6
|
@ -14,19 +14,26 @@ def call(%{assigns: %{valid_signature: true}} = conn, opts) do
|
||||||
def call(conn, opts) do
|
def call(conn, opts) do
|
||||||
user = conn.params["actor"]
|
user = conn.params["actor"]
|
||||||
Logger.debug("Checking sig for #{user}")
|
Logger.debug("Checking sig for #{user}")
|
||||||
|
[signature | _] = get_req_header(conn, "signature")
|
||||||
|
|
||||||
if get_req_header(conn, "signature") do
|
cond do
|
||||||
conn =
|
signature && String.contains?(signature, user) ->
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header(
|
||||||
|
"(request-target)",
|
||||||
|
String.downcase("#{conn.method}") <> " #{conn.request_path}"
|
||||||
|
)
|
||||||
|
|
||||||
|
assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn))
|
||||||
|
|
||||||
|
signature ->
|
||||||
|
Logger.debug("Signature not from actor")
|
||||||
|
assign(conn, :valid_signature, false)
|
||||||
|
|
||||||
|
true ->
|
||||||
|
Logger.debug("No signature header!")
|
||||||
conn
|
conn
|
||||||
|> put_req_header(
|
|
||||||
"(request-target)",
|
|
||||||
String.downcase("#{conn.method}") <> " #{conn.request_path}"
|
|
||||||
)
|
|
||||||
|
|
||||||
assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn))
|
|
||||||
else
|
|
||||||
Logger.debug("No signature header!")
|
|
||||||
conn
|
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
44
test/plugs/http_signature_plug_test.exs
Normal file
44
test/plugs/http_signature_plug_test.exs
Normal file
|
@ -0,0 +1,44 @@
|
||||||
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
|
||||||
|
use Pleroma.Web.ConnCase
|
||||||
|
alias Pleroma.Web.HTTPSignatures
|
||||||
|
alias Pleroma.Web.Plugs.HTTPSignaturePlug
|
||||||
|
|
||||||
|
import Plug.Conn
|
||||||
|
import Mock
|
||||||
|
|
||||||
|
test "it call HTTPSignatures to check validity if the actor sighed it" do
|
||||||
|
params = %{"actor" => "http://mastodon.example.org/users/admin"}
|
||||||
|
conn = build_conn(:get, "/doesntmattter", params)
|
||||||
|
|
||||||
|
with_mock HTTPSignatures, validate_conn: fn _ -> true end do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header(
|
||||||
|
"signature",
|
||||||
|
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
||||||
|
)
|
||||||
|
|> HTTPSignaturePlug.call(%{})
|
||||||
|
|
||||||
|
assert conn.assigns.valid_signature == true
|
||||||
|
assert called(HTTPSignatures.validate_conn(:_))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
|
test "bails out early if the signature isn't by the activity actor" do
|
||||||
|
params = %{"actor" => "https://mst3k.interlinked.me/users/luciferMysticus"}
|
||||||
|
conn = build_conn(:get, "/doesntmattter", params)
|
||||||
|
|
||||||
|
with_mock HTTPSignatures, validate_conn: fn _ -> false end do
|
||||||
|
conn =
|
||||||
|
conn
|
||||||
|
|> put_req_header(
|
||||||
|
"signature",
|
||||||
|
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
||||||
|
)
|
||||||
|
|> HTTPSignaturePlug.call(%{})
|
||||||
|
|
||||||
|
assert conn.assigns.valid_signature == false
|
||||||
|
refute called(HTTPSignatures.validate_conn(:_))
|
||||||
|
end
|
||||||
|
end
|
||||||
|
end
|
Loading…
Reference in a new issue