adjust instance actor & clean-up signature handling
parent
debd74e1b6
commit
e48a482185
5 changed files with 70 additions and 26 deletions
|
@ -29,7 +29,7 @@ func TestActivityPubClientBodySize(t *testing.T) {
|
||||||
clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
|
clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.APActorKeyID())
|
apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.KeyID())
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
url := u.JoinPath("/api/v1/nodeinfo").String()
|
url := u.JoinPath("/api/v1/nodeinfo").String()
|
||||||
|
|
|
@ -4,12 +4,18 @@
|
||||||
package integration
|
package integration
|
||||||
|
|
||||||
import (
|
import (
|
||||||
|
"fmt"
|
||||||
"net/http"
|
"net/http"
|
||||||
|
"net/url"
|
||||||
|
"strconv"
|
||||||
"testing"
|
"testing"
|
||||||
|
|
||||||
|
"forgejo.org/modules/forgefed"
|
||||||
"forgejo.org/modules/setting"
|
"forgejo.org/modules/setting"
|
||||||
"forgejo.org/modules/test"
|
"forgejo.org/modules/test"
|
||||||
"forgejo.org/routers"
|
"forgejo.org/routers"
|
||||||
|
"forgejo.org/services/contexttest"
|
||||||
|
"forgejo.org/services/federation"
|
||||||
"forgejo.org/tests"
|
"forgejo.org/tests"
|
||||||
|
|
||||||
ap "github.com/go-ap/activitypub"
|
ap "github.com/go-ap/activitypub"
|
||||||
|
@ -31,10 +37,9 @@ func TestActivityPubActor(t *testing.T) {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t, ap.ApplicationType, actor.Type)
|
assert.Equal(t, ap.ApplicationType, actor.Type)
|
||||||
assert.Equal(t, setting.Domain, actor.PreferredUsername.String())
|
assert.Equal(t, "ghost", actor.PreferredUsername.String())
|
||||||
keyID := actor.GetID().String()
|
keyID := actor.GetID().String()
|
||||||
assert.Regexp(t, "activitypub/actor$", keyID)
|
assert.Regexp(t, "activitypub/actor$", keyID)
|
||||||
assert.Regexp(t, "activitypub/actor/outbox$", actor.Outbox.GetID().String())
|
|
||||||
assert.Regexp(t, "activitypub/actor/inbox$", actor.Inbox.GetID().String())
|
assert.Regexp(t, "activitypub/actor/inbox$", actor.Inbox.GetID().String())
|
||||||
|
|
||||||
pubKey := actor.PublicKey
|
pubKey := actor.PublicKey
|
||||||
|
@ -46,3 +51,27 @@ func TestActivityPubActor(t *testing.T) {
|
||||||
assert.NotNil(t, pubKeyPem)
|
assert.NotNil(t, pubKeyPem)
|
||||||
assert.Regexp(t, "^-----BEGIN PUBLIC KEY-----", pubKeyPem)
|
assert.Regexp(t, "^-----BEGIN PUBLIC KEY-----", pubKeyPem)
|
||||||
}
|
}
|
||||||
|
|
||||||
|
func TestActorNewFromKeyId(t *testing.T) {
|
||||||
|
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
||||||
|
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
||||||
|
|
||||||
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
|
ctx, _ := contexttest.MockAPIContext(t, "/api/v1/activitypub/actor")
|
||||||
|
sut, err := federation.NewActorIDFromKeyID(ctx.Base, fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", u))
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
port, err := strconv.ParseUint(u.Port(), 10, 16)
|
||||||
|
require.NoError(t, err)
|
||||||
|
|
||||||
|
assert.Equal(t, forgefed.ActorID{
|
||||||
|
ID: "actor",
|
||||||
|
HostSchema: "http",
|
||||||
|
Path: "api/v1/activitypub",
|
||||||
|
Host: setting.Domain,
|
||||||
|
HostPort: uint16(port),
|
||||||
|
UnvalidatedInput: fmt.Sprintf("http://%s:%d/api/v1/activitypub/actor", setting.Domain, port),
|
||||||
|
IsPortSupplemented: false,
|
||||||
|
}, sut)
|
||||||
|
})
|
||||||
|
}
|
||||||
|
|
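Review bot: TestActorNewFromKeyId only exercises a well-formed key ID that points at the local instance, so nothing here shows how `federation.NewActorIDFromKeyID` behaves on input it should refuse. The key ID presumably arrives in a request's signature header (the expected struct even carries an `UnvalidatedInput` field), so a subtest that passes a malformed value and ends in `require.Error(t, err)` would pin the contract down, if rejection is what the function is meant to do. The expected `HostSchema: "http"` could be read from `u.Scheme` instead of being hard-coded. Go's initialism convention would name the test `TestActorNewFromKeyID`.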
|
@ -24,30 +24,40 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestActivityPubPerson(t *testing.T) {
|
func TestActivityPubPerson(t *testing.T) {
|
||||||
|
defer tests.PrepareTestEnv(t)()
|
||||||
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
||||||
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
||||||
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
|
||||||
userID := 2
|
|
||||||
username := "user2"
|
|
||||||
userURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", u, userID)
|
|
||||||
|
|
||||||
user1 := unittest.AssertExistsAndLoadBean(t, &user_model.User{ID: 1})
|
mock := test.NewFederationServerMock()
|
||||||
|
federatedSrv := mock.DistantServer(t)
|
||||||
|
defer federatedSrv.Close()
|
||||||
|
|
||||||
clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
|
onGiteaRun(t, func(t *testing.T, localUrl *url.URL) {
|
||||||
|
defer test.MockVariableValue(&setting.AppURL, localUrl.String())()
|
||||||
|
|
||||||
|
localUserID := 2
|
||||||
|
localUserName := "user2"
|
||||||
|
localUserURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", localUrl, localUserID)
|
||||||
|
|
||||||
|
// distantURL := federatedSrv.URL
|
||||||
|
// distantUser15URL := fmt.Sprintf("%s/api/v1/activitypub/user-id/15", distantURL)
|
||||||
|
|
||||||
|
cf, err := activitypub.GetClientFactory(db.DefaultContext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.APActorKeyID())
|
c, err := cf.WithKeysDirect(db.DefaultContext, mock.Persons[0].PrivKey,
|
||||||
|
mock.Persons[0].KeyID(federatedSrv.URL))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// Unsigned request
|
// Unsigned request
|
||||||
t.Run("UnsignedRequest", func(t *testing.T) {
|
t.Run("UnsignedRequest", func(t *testing.T) {
|
||||||
req := NewRequest(t, "GET", userURL)
|
req := NewRequest(t, "GET", localUserURL)
|
||||||
MakeRequest(t, req, http.StatusBadRequest)
|
MakeRequest(t, req, http.StatusBadRequest)
|
||||||
})
|
})
|
||||||
|
|
||||||
t.Run("SignedRequestValidation", func(t *testing.T) {
|
t.Run("SignedRequestValidation", func(t *testing.T) {
|
||||||
// Signed request
|
// Signed request
|
||||||
resp, err := apClient.GetBody(userURL)
|
resp, err := c.GetBody(localUserURL)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
var person ap.Person
|
var person ap.Person
|
||||||
|
@ -55,13 +65,12 @@ func TestActivityPubPerson(t *testing.T) {
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
assert.Equal(t, ap.PersonType, person.Type)
|
assert.Equal(t, ap.PersonType, person.Type)
|
||||||
assert.Equal(t, username, person.PreferredUsername.String())
|
assert.Equal(t, localUserName, person.PreferredUsername.String())
|
||||||
assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d$", userID), person.GetID())
|
assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d$", localUserID), person.GetID())
|
||||||
assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d/outbox$", userID), person.Outbox.GetID().String())
|
assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d/inbox$", localUserID), person.Inbox.GetID().String())
|
||||||
assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d/inbox$", userID), person.Inbox.GetID().String())
|
|
||||||
|
|
||||||
assert.NotNil(t, person.PublicKey)
|
assert.NotNil(t, person.PublicKey)
|
||||||
assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d#main-key$", userID), person.PublicKey.ID)
|
assert.Regexp(t, fmt.Sprintf("activitypub/user-id/%d#main-key$", localUserID), person.PublicKey.ID)
|
||||||
|
|
||||||
assert.NotNil(t, person.PublicKey.PublicKeyPem)
|
assert.NotNil(t, person.PublicKey.PublicKeyPem)
|
||||||
assert.Regexp(t, "^-----BEGIN PUBLIC KEY-----", person.PublicKey.PublicKeyPem)
|
assert.Regexp(t, "^-----BEGIN PUBLIC KEY-----", person.PublicKey.PublicKeyPem)
|
||||||
|
|
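Review bot: The two commented-out lines `// distantURL := federatedSrv.URL` and `// distantUser15URL := ...` in TestActivityPubPerson are dead code; either delete them or add the distant-user case they were written for. The new closure parameter `localUrl` would be `localURL` under Go's initialism convention. SignedRequestValidation now signs with `mock.Persons[0].PrivKey` and a key ID on `federatedSrv`, so a short comment such as `// the local instance must fetch this key from federatedSrv to verify the request` would explain why the mock server is started; that the fetch happens is inferred from the setup and not visible in these hunks. The test body continues past the last hunk.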
|
@ -26,18 +26,22 @@ import (
|
||||||
)
|
)
|
||||||
|
|
||||||
func TestActivityPubRepository(t *testing.T) {
|
func TestActivityPubRepository(t *testing.T) {
|
||||||
|
defer tests.PrepareTestEnv(t)()
|
||||||
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
||||||
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
||||||
|
|
||||||
|
mock := test.NewFederationServerMock()
|
||||||
|
federatedSrv := mock.DistantServer(t)
|
||||||
|
defer federatedSrv.Close()
|
||||||
|
|
||||||
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
repositoryID := 2
|
repositoryID := 2
|
||||||
|
|
||||||
apServerActor := user.NewAPServerActor()
|
|
||||||
|
|
||||||
cf, err := activitypub.GetClientFactory(db.DefaultContext)
|
cf, err := activitypub.GetClientFactory(db.DefaultContext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
c, err := cf.WithKeys(db.DefaultContext, apServerActor, apServerActor.APActorKeyID())
|
c, err := cf.WithKeysDirect(db.DefaultContext, mock.Persons[0].PrivKey,
|
||||||
|
mock.Persons[0].KeyID(federatedSrv.URL))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
resp, err := c.GetBody(fmt.Sprintf("%sapi/v1/activitypub/repository-id/%d", u, repositoryID))
|
resp, err := c.GetBody(fmt.Sprintf("%sapi/v1/activitypub/repository-id/%d", u, repositoryID))
|
||||||
|
@ -53,9 +57,10 @@ func TestActivityPubRepository(t *testing.T) {
|
||||||
}
|
}
|
||||||
|
|
||||||
func TestActivityPubMissingRepository(t *testing.T) {
|
func TestActivityPubMissingRepository(t *testing.T) {
|
||||||
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
|
||||||
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
|
||||||
defer tests.PrepareTestEnv(t)()
|
defer tests.PrepareTestEnv(t)()
|
||||||
|
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
||||||
|
defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
|
||||||
|
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
||||||
|
|
||||||
repositoryID := 9999999
|
repositoryID := 9999999
|
||||||
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/activitypub/repository-id/%d", repositoryID))
|
req := NewRequest(t, "GET", fmt.Sprintf("/api/v1/activitypub/repository-id/%d", repositoryID))
|
||||||
|
@ -72,14 +77,14 @@ func TestActivityPubRepositoryInboxValid(t *testing.T) {
|
||||||
defer federatedSrv.Close()
|
defer federatedSrv.Close()
|
||||||
|
|
||||||
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
apServerActor := user.NewAPServerActor()
|
|
||||||
repositoryID := 2
|
repositoryID := 2
|
||||||
timeNow := time.Now().UTC()
|
timeNow := time.Now().UTC()
|
||||||
|
|
||||||
cf, err := activitypub.GetClientFactory(db.DefaultContext)
|
cf, err := activitypub.GetClientFactory(db.DefaultContext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
c, err := cf.WithKeys(db.DefaultContext, apServerActor, apServerActor.APActorKeyID())
|
c, err := cf.WithKeysDirect(db.DefaultContext, mock.Persons[0].PrivKey,
|
||||||
|
mock.Persons[0].KeyID(federatedSrv.URL))
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
repoInboxURL := u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d/inbox", repositoryID)).String()
|
repoInboxURL := u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d/inbox", repositoryID)).String()
|
||||||
|
@ -148,6 +153,7 @@ func TestActivityPubRepositoryInboxValid(t *testing.T) {
|
||||||
|
|
||||||
func TestActivityPubRepositoryInboxInvalid(t *testing.T) {
|
func TestActivityPubRepositoryInboxInvalid(t *testing.T) {
|
||||||
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
||||||
|
defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
|
||||||
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
||||||
|
|
||||||
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
||||||
|
@ -157,7 +163,7 @@ func TestActivityPubRepositoryInboxInvalid(t *testing.T) {
|
||||||
cf, err := activitypub.GetClientFactory(db.DefaultContext)
|
cf, err := activitypub.GetClientFactory(db.DefaultContext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
c, err := cf.WithKeys(db.DefaultContext, apServerActor, apServerActor.APActorKeyID())
|
c, err := cf.WithKeys(db.DefaultContext, apServerActor, apServerActor.KeyID())
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
repoInboxURL := u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d/inbox", repositoryID)).String()
|
repoInboxURL := u.JoinPath(fmt.Sprintf("/api/v1/activitypub/repository-id/%d/inbox", repositoryID)).String()
|
||||||
|
|
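Review bot: `setting.Federation.SignatureEnforced` is mocked to `false` in TestActivityPubMissingRepository and TestActivityPubRepositoryInboxInvalid without a comment saying why, so both error paths are only exercised with signature checking switched off. In the inbox test the client is still built with `cf.WithKeys(db.DefaultContext, apServerActor, apServerActor.KeyID())`, so the request is signed but, as far as these hunks show, nothing requires that signature to verify. A line such as `// enforcement is off so the request reaches the handler without a verifiable signature` above each override would record the intent. If the aim is to test rejection of invalid payloads from an authenticated peer, signing with `cf.WithKeysDirect(db.DefaultContext, mock.Persons[0].PrivKey, mock.Persons[0].KeyID(federatedSrv.URL))` as the valid-inbox test does and dropping the override would keep enforcement on; whether a mock server is available in that test is not visible here.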
|
@ -35,7 +35,7 @@ func TestFederationHttpSigValidation(t *testing.T) {
|
||||||
clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
|
clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.APActorKeyID())
|
apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.KeyID())
|
||||||
require.NoError(t, err)
|
require.NoError(t, err)
|
||||||
|
|
||||||
// Unsigned request
|
// Unsigned request
|
||||||
|
|