88d064d80e
the redundant checks assumed a POST request, which will not work for signed GETs. this check was originally needed because the HTTPSignatures adapter assumed that the requests were also POST requests. but now, the adapter has been corrected.
30 рядки
900 B
Elixir
30 рядки
900 B
Elixir
# Pleroma: A lightweight social networking server
|
|
# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
|
|
use Pleroma.Web.ConnCase
|
|
alias Pleroma.Web.Plugs.HTTPSignaturePlug
|
|
|
|
import Plug.Conn
|
|
import Mock
|
|
|
|
test "it call HTTPSignatures to check validity if the actor sighed it" do
|
|
params = %{"actor" => "http://mastodon.example.org/users/admin"}
|
|
conn = build_conn(:get, "/doesntmattter", params)
|
|
|
|
with_mock HTTPSignatures, validate_conn: fn _ -> true end do
|
|
conn =
|
|
conn
|
|
|> put_req_header(
|
|
"signature",
|
|
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
|
)
|
|
|> HTTPSignaturePlug.call(%{})
|
|
|
|
assert conn.assigns.valid_signature == true
|
|
assert called(HTTPSignatures.validate_conn(:_))
|
|
end
|
|
end
|
|
end
|