88d064d80e
the redundant checks assumed a POST request, which will not work for signed GETs. this check was originally needed because the HTTPSignatures adapter assumed that the requests were also POST requests. but now, the adapter has been corrected.
30 lines
900 B
Elixir
30 lines
900 B
Elixir
# Pleroma: A lightweight social networking server
|
|
# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
|
|
# SPDX-License-Identifier: AGPL-3.0-only
|
|
|
|
defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
|
|
use Pleroma.Web.ConnCase
|
|
alias Pleroma.Web.Plugs.HTTPSignaturePlug
|
|
|
|
import Plug.Conn
|
|
import Mock
|
|
|
|
test "it call HTTPSignatures to check validity if the actor sighed it" do
|
|
params = %{"actor" => "http://mastodon.example.org/users/admin"}
|
|
conn = build_conn(:get, "/doesntmattter", params)
|
|
|
|
with_mock HTTPSignatures, validate_conn: fn _ -> true end do
|
|
conn =
|
|
conn
|
|
|> put_req_header(
|
|
"signature",
|
|
"keyId=\"http://mastodon.example.org/users/admin#main-key"
|
|
)
|
|
|> HTTPSignaturePlug.call(%{})
|
|
|
|
assert conn.assigns.valid_signature == true
|
|
assert called(HTTPSignatures.validate_conn(:_))
|
|
end
|
|
end
|
|
end
|