Fail faster.

This commit is contained in:
lain 2018-04-02 13:13:14 +02:00
parent 1b57522bba
commit 0a14d155d6
2 changed files with 62 additions and 11 deletions

View File

@ -14,8 +14,10 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
def call(conn, opts) do
user = conn.params["actor"]
Logger.debug("Checking sig for #{user}")
[signature | _] = get_req_header(conn, "signature")
if get_req_header(conn, "signature") do
cond do
signature && String.contains?(signature, user) ->
conn =
conn
|> put_req_header(
@ -24,7 +26,12 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlug do
)
assign(conn, :valid_signature, HTTPSignatures.validate_conn(conn))
else
signature ->
Logger.debug("Signature not from actor")
assign(conn, :valid_signature, false)
true ->
Logger.debug("No signature header!")
conn
end

View File

@ -0,0 +1,44 @@
defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
use Pleroma.Web.ConnCase
alias Pleroma.Web.HTTPSignatures
alias Pleroma.Web.Plugs.HTTPSignaturePlug
import Plug.Conn
import Mock
test "it call HTTPSignatures to check validity if the actor sighed it" do
params = %{"actor" => "http://mastodon.example.org/users/admin"}
conn = build_conn(:get, "/doesntmattter", params)
with_mock HTTPSignatures, validate_conn: fn _ -> true end do
conn =
conn
|> put_req_header(
"signature",
"keyId=\"http://mastodon.example.org/users/admin#main-key"
)
|> HTTPSignaturePlug.call(%{})
assert conn.assigns.valid_signature == true
assert called(HTTPSignatures.validate_conn(:_))
end
end
test "bails out early if the signature isn't by the activity actor" do
params = %{"actor" => "https://mst3k.interlinked.me/users/luciferMysticus"}
conn = build_conn(:get, "/doesntmattter", params)
with_mock HTTPSignatures, validate_conn: fn _ -> false end do
conn =
conn
|> put_req_header(
"signature",
"keyId=\"http://mastodon.example.org/users/admin#main-key"
)
|> HTTPSignaturePlug.call(%{})
assert conn.assigns.valid_signature == false
refute called(HTTPSignatures.validate_conn(:_))
end
end
end