Fix signature checking
parent
7825798e32
commit
0c21341156
7 changed files with 65 additions and 16 deletions
|
@ -12,9 +12,8 @@ matrix:
|
||||||
OTP_VERSION: 25
|
OTP_VERSION: 25
|
||||||
- ELIXIR_VERSION: 1.15
|
- ELIXIR_VERSION: 1.15
|
||||||
OTP_VERSION: 25
|
OTP_VERSION: 25
|
||||||
# Soon
|
- ELIXIR_VERSION: 1.15
|
||||||
#- ELIXIR_VERSION: 1.15
|
OTP_VERSION: 26
|
||||||
# OTP_VERSION: 26
|
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
- &scw-secrets
|
- &scw-secrets
|
||||||
|
|
|
@ -4,6 +4,10 @@ All notable changes to this project will be documented in this file.
|
||||||
|
|
||||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
||||||
|
|
||||||
|
## Unreleased
|
||||||
|
|
||||||
|
## Added
|
||||||
|
|
||||||
## 2023.08
|
## 2023.08
|
||||||
|
|
||||||
## Added
|
## Added
|
||||||
|
|
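--- a/mix.exs
+++ b/mix.exs
@@ -157,7 +157,9 @@ defp deps do
 {:timex, "~> 3.7"},
 {:ueberauth, "~> 0.10"},
 {:linkify, git: "https://akkoma.dev/AkkomaGang/linkify.git"},
-{:http_signatures, "~> 0.1.1"},
+{:http_signatures,
+git: "https://akkoma.dev/AkkomaGang/http_signatures.git",
+ref: "6640ce7d24c783ac2ef56e27d00d12e8dc85f396"},
 {:telemetry, "~> 1.2"},
 {:telemetry_poller, "~> 1.0"},
 {:telemetry_metrics, "~> 0.6"},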
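Review bot: The `:http_signatures` entry now pulls from a git fork pinned to a full commit SHA, but nothing beside it records why the Hex release `0.1.1` was replaced or when the project can return to a published version. Because this library sits on the signature-verification path, add a comment above the tuple such as `# Forked for <reason / issue placeholder>; return to a Hex release once the change is published`, and review the fork's delta against 0.1.1 as part of this change. Pinning by `ref:` with the full hash rather than a branch name is the right choice, since the lock cannot drift. The `deps` body continues outside the hunk.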
2
mix.lock
2
mix.lock
|
@ -57,7 +57,7 @@
|
||||||
"hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~> 2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~> 6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~> 1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~> 1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
|
"hackney": {:hex, :hackney, "1.18.1", "f48bf88f521f2a229fc7bae88cf4f85adc9cd9bcf23b5dc8eb6a1788c662c4f6", [:rebar3], [{:certifi, "~> 2.9.0", [hex: :certifi, repo: "hexpm", optional: false]}, {:idna, "~> 6.1.0", [hex: :idna, repo: "hexpm", optional: false]}, {:metrics, "~> 1.0.0", [hex: :metrics, repo: "hexpm", optional: false]}, {:mimerl, "~> 1.1", [hex: :mimerl, repo: "hexpm", optional: false]}, {:parse_trans, "3.3.1", [hex: :parse_trans, repo: "hexpm", optional: false]}, {:ssl_verify_fun, "~> 1.1.0", [hex: :ssl_verify_fun, repo: "hexpm", optional: false]}, {:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "a4ecdaff44297e9b5894ae499e9a070ea1888c84afdd1fd9b7b2bc384950128e"},
|
||||||
"hpax": {:hex, :hpax, "0.1.2", "09a75600d9d8bbd064cdd741f21fc06fc1f4cf3d0fcc335e5aa19be1a7235c84", [:mix], [], "hexpm", "2c87843d5a23f5f16748ebe77969880e29809580efdaccd615cd3bed628a8c13"},
|
"hpax": {:hex, :hpax, "0.1.2", "09a75600d9d8bbd064cdd741f21fc06fc1f4cf3d0fcc335e5aa19be1a7235c84", [:mix], [], "hexpm", "2c87843d5a23f5f16748ebe77969880e29809580efdaccd615cd3bed628a8c13"},
|
||||||
"html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"},
|
"html_entities": {:hex, :html_entities, "0.5.2", "9e47e70598da7de2a9ff6af8758399251db6dbb7eebe2b013f2bbd2515895c3c", [:mix], [], "hexpm", "c53ba390403485615623b9531e97696f076ed415e8d8058b1dbaa28181f4fdcc"},
|
||||||
"http_signatures": {:hex, :http_signatures, "0.1.1", "ca7ebc1b61542b163644c8c3b1f0e0f41037d35f2395940d3c6c7deceab41fd8", [:mix], [], "hexpm", "cc3b8a007322cc7b624c0c15eec49ee58ac977254ff529a3c482f681465942a3"},
|
"http_signatures": {:git, "https://akkoma.dev/AkkomaGang/http_signatures.git", "6640ce7d24c783ac2ef56e27d00d12e8dc85f396", [ref: "6640ce7d24c783ac2ef56e27d00d12e8dc85f396"]},
|
||||||
"httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"},
|
"httpoison": {:hex, :httpoison, "1.8.2", "9eb9c63ae289296a544842ef816a85d881d4a31f518a0fec089aaa744beae290", [:mix], [{:hackney, "~> 1.17", [hex: :hackney, repo: "hexpm", optional: false]}], "hexpm", "2bb350d26972e30c96e2ca74a1aaf8293d61d0742ff17f01e0279fef11599921"},
|
||||||
"idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
|
"idna": {:hex, :idna, "6.1.1", "8a63070e9f7d0c62eb9d9fcb360a7de382448200fbbd1b106cc96d3d8099df8d", [:rebar3], [{:unicode_util_compat, "~> 0.7.0", [hex: :unicode_util_compat, repo: "hexpm", optional: false]}], "hexpm", "92376eb7894412ed19ac475e4a86f7b413c1b9fbb5bd16dccd57934157944cea"},
|
||||||
"inet_cidr": {:hex, :inet_cidr, "1.0.4", "a05744ab7c221ca8e395c926c3919a821eb512e8f36547c062f62c4ca0cf3d6e", [:mix], [], "hexpm", "64a2d30189704ae41ca7dbdd587f5291db5d1dda1414e0774c29ffc81088c1bc"},
|
"inet_cidr": {:hex, :inet_cidr, "1.0.4", "a05744ab7c221ca8e395c926c3919a821eb512e8f36547c062f62c4ca0cf3d6e", [:mix], [], "hexpm", "64a2d30189704ae41ca7dbdd587f5291db5d1dda1414e0774c29ffc81088c1bc"},
|
||||||
|
|
|
@ -71,6 +71,35 @@ test "it returns error when not found user" do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
defp split_signature(sig) do
|
||||||
|
sig
|
||||||
|
|> String.split(",")
|
||||||
|
|> Enum.map(fn part ->
|
||||||
|
[key, value] = String.split(part, "=", parts: 2)
|
||||||
|
[key, String.trim(value, ~s|"|)]
|
||||||
|
end)
|
||||||
|
|> Enum.sort_by(fn [k, _] -> k end)
|
||||||
|
end
|
||||||
|
|
||||||
|
# Break up a signature and check by parts
|
||||||
|
defp assert_signature_equal(sig_a, sig_b) when is_binary(sig_a) and is_binary(sig_b) do
|
||||||
|
parts_a = split_signature(sig_a)
|
||||||
|
parts_b = split_signature(sig_b)
|
||||||
|
|
||||||
|
parts_a
|
||||||
|
|> Enum.with_index()
|
||||||
|
|> Enum.each(fn {part_a, index} ->
|
||||||
|
part_b = Enum.at(parts_b, index)
|
||||||
|
assert_part_equal(part_a, part_b)
|
||||||
|
end)
|
||||||
|
end
|
||||||
|
|
||||||
|
defp assert_part_equal(part_a, part_b) do
|
||||||
|
if part_a != part_b do
|
||||||
|
flunk("Signature check failed - expected #{part_a} to equal #{part_b}")
|
||||||
|
end
|
||||||
|
end
|
||||||
|
|
||||||
describe "sign/2" do
|
describe "sign/2" do
|
||||||
test "it returns signature headers" do
|
test "it returns signature headers" do
|
||||||
user =
|
user =
|
||||||
|
@ -79,14 +108,18 @@ test "it returns signature headers" do
|
||||||
keys: @private_key
|
keys: @private_key
|
||||||
})
|
})
|
||||||
|
|
||||||
assert Signature.sign(
|
headers = %{
|
||||||
user,
|
|
||||||
%{
|
|
||||||
host: "test.test",
|
host: "test.test",
|
||||||
"content-length": 100
|
"content-length": 100
|
||||||
}
|
}
|
||||||
) ==
|
|
||||||
|
assert_signature_equal(
|
||||||
|
Signature.sign(
|
||||||
|
user,
|
||||||
|
headers
|
||||||
|
),
|
||||||
"keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\""
|
"keyId=\"https://mastodon.social/users/lambadalambda#main-key\",algorithm=\"rsa-sha256\",headers=\"content-length host\",signature=\"sibUOoqsFfTDerquAkyprxzDjmJm6erYc42W5w1IyyxusWngSinq5ILTjaBxFvfarvc7ci1xAi+5gkBwtshRMWm7S+Uqix24Yg5EYafXRun9P25XVnYBEIH4XQ+wlnnzNIXQkU3PU9e6D8aajDZVp3hPJNeYt1gIPOA81bROI8/glzb1SAwQVGRbqUHHHKcwR8keiR/W2h7BwG3pVRy4JgnIZRSW7fQogKedDg02gzRXwUDFDk0pr2p3q6bUWHUXNV8cZIzlMK+v9NlyFbVYBTHctAR26GIAN6Hz0eV0mAQAePHDY1mXppbA8Gpp6hqaMuYfwifcXmcc+QFm4e+n3A==\""
|
||||||
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it returns error" do
|
test "it returns error" do
|
||||||
|
|
|
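Review bot: `assert_signature_equal/2` iterates only over `parts_a` and looks up `parts_b` by index, so a component that is present in the expected string but absent from the value returned by `Signature.sign/2` is never compared and the test still passes. Since this helper guards the signing output, compare the parsed lists as a whole with `assert split_signature(sig_a) == split_signature(sig_b)`, or at least add `assert length(parts_a) == length(parts_b)` before the loop. The message in `assert_part_equal/2` interpolates the `[key, value]` lists directly, which runs key and value together; `inspect(part_a)` and `inspect(part_b)` would keep a failure readable.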
@ -24,8 +24,10 @@ test "GET host-meta" do
|
||||||
|
|
||||||
assert response.status == 200
|
assert response.status == 200
|
||||||
|
|
||||||
assert_xml_equals(response.resp_body,
|
assert_xml_equals(
|
||||||
~s(<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="#{Pleroma.Web.Endpoint.url()}/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>))
|
response.resp_body,
|
||||||
|
~s(<?xml version="1.0" encoding="UTF-8"?><XRD xmlns="http://docs.oasis-open.org/ns/xri/xrd-1.0"><Link rel="lrdd" template="#{Pleroma.Web.Endpoint.url()}/.well-known/webfinger?resource={uri}" type="application/xrd+xml" /></XRD>)
|
||||||
|
)
|
||||||
end
|
end
|
||||||
|
|
||||||
test "Webfinger JRD" do
|
test "Webfinger JRD" do
|
||||||
|
|
|
@ -2,6 +2,15 @@ defmodule Pleroma.Test.Matchers.List do
|
||||||
import ExUnit.Assertions
|
import ExUnit.Assertions
|
||||||
|
|
||||||
def assert_unordered_list_equal(list_a, list_b) when is_list(list_a) and is_list(list_b) do
|
def assert_unordered_list_equal(list_a, list_b) when is_list(list_a) and is_list(list_b) do
|
||||||
assert Enum.sort(list_a) == Enum.sort(list_b)
|
list_a = Enum.sort(list_a)
|
||||||
|
list_b = Enum.sort(list_b)
|
||||||
|
|
||||||
|
if list_a != list_b do
|
||||||
|
flunk("Expected list
|
||||||
|
#{inspect(list_a)}
|
||||||
|
to have the same elements as
|
||||||
|
#{inspect(list_b)}
|
||||||
|
")
|
||||||
|
end
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
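Review bot: The new failure message in `assert_unordered_list_equal/2` is built with `inspect/1`, whose default `limit` of 50 truncates longer collections, so for large lists the element that differs may not appear in the output. Using `inspect(list_a, limit: :infinity)`, or reporting `list_a -- list_b` and `list_b -- list_a`, would make the failure actionable. A short `@doc` stating that both lists are sorted before comparison would also help callers of this matcher.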