Stowage/forgejo
2
0
Fork 0
mirror of https://codeberg.org/forgejo/forgejo.git synced 2026-04-19 04:50:33 +00:00
Code Issues Projects Releases Packages Wiki Activity
forgejo/tests/integration/api_federation_httpsig_test.go
famfo 5f432e32c8 chore(federation): re-enable nilnil lint (#11253) 
First round of patches to re-enable some lints from my side.

This PR also refactors the general key fetching code quite a bit due to the way it currently worked
with relying on some values being nil sometimes.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/11253
Reviewed-by: elle <0xllx0@noreply.codeberg.org>
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Co-authored-by: famfo <famfo@famfo.xyz>
Co-committed-by: famfo <famfo@famfo.xyz>
2026-04-13 22:05:29 +02:00

96 lines
3 KiB
Go
Raw Blame History

// Copyright 2025 The Forgejo Authors. All rights reserved.
// SPDX-License-Identifier: MIT
package integration
import (
"fmt"
"net/http"
"net/url"
"testing"
"time"
"forgejo.org/models/db"
"forgejo.org/models/forgefed"
"forgejo.org/models/unittest"
"forgejo.org/models/user"
"forgejo.org/modules/activitypub"
"forgejo.org/modules/setting"
"forgejo.org/modules/test"
"forgejo.org/routers"
"forgejo.org/services/contexttest"
"github.com/stretchr/testify/assert"
"github.com/stretchr/testify/require"
)
func TestFederationHttpSigValidation(t *testing.T) {
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
onApplicationRun(t, func(t *testing.T, u *url.URL) {
userID := 2
userURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", u, userID)
user1 := unittest.AssertExistsAndLoadBean(t, &user.User{ID: 1})
ctx, _ := contexttest.MockAPIContext(t, userURL)
clientFactory, err := activitypub.NewClientFactoryWithTimeout(60 * time.Second)
require.NoError(t, err)
apClient, err := clientFactory.WithKeys(ctx, user1, user1.KeyID())
require.NoError(t, err)
// HACK HACK HACK: the host part of the URL gets set to which IP forgejo is
// listening on, NOT localhost, which is the Domain given to forgejo which
// is then used for eg. the keyID all requests
applicationKeyID := fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", setting.AppURL)
actorKeyID := fmt.Sprintf("%sapi/v1/activitypub/user-id/1#main-key", setting.AppURL)
// Unsigned request
t.Run("UnsignedRequest", func(t *testing.T) {
req := NewRequest(t, "GET", userURL)
MakeRequest(t, req, http.StatusBadRequest)
})
// Check for missing public keys
t.Run("ValidateEmptyCaches", func(t *testing.T) {
_, err := forgefed.FindFederationHostByKeyID(db.DefaultContext, applicationKeyID)
require.Error(t, err)
assert.True(t, forgefed.IsErrFederationHostNotFound(err))
_, _, err = user.FindFederatedUserByKeyID(db.DefaultContext, actorKeyID)
require.Error(t, err)
assert.True(t, user.IsErrFederatedUserNotExists(err))
})
// Signed request
t.Run("SignedRequest", func(t *testing.T) {
resp, err := apClient.Get(userURL)
require.NoError(t, err)
assert.Equal(t, http.StatusOK, resp.StatusCode)
})
// Check for cached public keys
t.Run("ValidateCaches", func(t *testing.T) {
host, err := forgefed.FindFederationHostByKeyID(db.DefaultContext, applicationKeyID)
require.NoError(t, err)
assert.NotNil(t, host)
assert.True(t, host.PublicKey.Valid)
_, user, err := user.FindFederatedUserByKeyID(db.DefaultContext, actorKeyID)
require.NoError(t, err)
assert.NotNil(t, user)
assert.True(t, user.PublicKey.Valid)
})
// Disable signature validation
defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
// Unsigned request
t.Run("SignatureValidationDisabled", func(t *testing.T) {
req := NewRequest(t, "GET", userURL)
MakeRequest(t, req, http.StatusOK)
})
})
}
Reference in a new issue View git blame Copy permalink