mirror of
https://codeberg.org/forgejo/forgejo.git
synced 2025-08-06 03:06:44 +02:00
e271c24100
Fix parts of issue https://codeberg.org/forgejo/forgejo/issues/8221 and PR https://codeberg.org/forgejo/forgejo/pulls/4767 - PostgreSQL - TestActivityPubPerson/SignedRequestValidation ``` --- FAIL: TestActivityPubPerson/SignedRequestValidation (5.01s) api_activitypub_person_test.go:51: Error Trace: /workspace/forgejo/forgejo/tests/integration/api_activitypub_person_test.go:51 Error: Received unexpected error: Get "http://127.0.0.1:3002/api/v1/activitypub/user-id/2": context deadline exceeded (Client.Timeout exceeded while awaiting headers) Test: TestActivityPubPerson/SignedRequestValidation testlogger.go:411: 2025/06/24 00:12:27 ...eb/routing/logger.go:102:func1() [I] router: completed GET /api/v1/activitypub/user-id/2 for 127.0.0.1:50456, 200 OK in 5032.2ms @ activitypub/person.go:21(activitypub.Person) ``` Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/8274 Reviewed-by: Earl Warren <earl-warren@noreply.codeberg.org> Co-authored-by: Michael Jerger <michael.jerger@meissa-gmbh.de> Co-committed-by: Michael Jerger <michael.jerger@meissa-gmbh.de>
82 lines
2.5 KiB
Go
82 lines
2.5 KiB
Go
// Copyright 2025 The Forgejo Authors. All rights reserved.
|
|
// SPDX-License-Identifier: MIT
|
|
|
|
package integration
|
|
|
|
import (
|
|
"fmt"
|
|
"net/http"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"forgejo.org/models/db"
|
|
"forgejo.org/models/forgefed"
|
|
"forgejo.org/models/unittest"
|
|
"forgejo.org/models/user"
|
|
"forgejo.org/modules/activitypub"
|
|
"forgejo.org/modules/setting"
|
|
"forgejo.org/modules/test"
|
|
"forgejo.org/routers"
|
|
|
|
"github.com/stretchr/testify/assert"
|
|
"github.com/stretchr/testify/require"
|
|
)
|
|
|
|
func TestFederationHttpSigValidation(t *testing.T) {
|
|
defer test.MockVariableValue(&setting.Federation.Enabled, true)()
|
|
defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
|
|
|
|
onGiteaRun(t, func(t *testing.T, u *url.URL) {
|
|
userID := 2
|
|
userURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", u, userID)
|
|
|
|
user1 := unittest.AssertExistsAndLoadBean(t, &user.User{ID: 1})
|
|
|
|
clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
|
|
require.NoError(t, err)
|
|
|
|
apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.KeyID())
|
|
require.NoError(t, err)
|
|
|
|
// Unsigned request
|
|
t.Run("UnsignedRequest", func(t *testing.T) {
|
|
req := NewRequest(t, "GET", userURL)
|
|
MakeRequest(t, req, http.StatusBadRequest)
|
|
})
|
|
|
|
// Signed request
|
|
t.Run("SignedRequest", func(t *testing.T) {
|
|
resp, err := apClient.Get(userURL)
|
|
require.NoError(t, err)
|
|
assert.Equal(t, http.StatusOK, resp.StatusCode)
|
|
})
|
|
|
|
// HACK HACK HACK: the host part of the URL gets set to which IP forgejo is
|
|
// listening on, NOT localhost, which is the Domain given to forgejo which
|
|
// is then used for eg. the keyID all requests
|
|
applicationKeyID := fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", setting.AppURL)
|
|
actorKeyID := fmt.Sprintf("%sapi/v1/activitypub/user-id/1#main-key", setting.AppURL)
|
|
|
|
// Check for cached public keys
|
|
t.Run("ValidateCaches", func(t *testing.T) {
|
|
host, err := forgefed.FindFederationHostByKeyID(db.DefaultContext, applicationKeyID)
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, host)
|
|
assert.True(t, host.PublicKey.Valid)
|
|
|
|
_, user, err := user.FindFederatedUserByKeyID(db.DefaultContext, actorKeyID)
|
|
require.NoError(t, err)
|
|
assert.NotNil(t, user)
|
|
assert.True(t, user.PublicKey.Valid)
|
|
})
|
|
|
|
// Disable signature validation
|
|
defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
|
|
|
|
// Unsigned request
|
|
t.Run("SignatureValidationDisabled", func(t *testing.T) {
|
|
req := NewRequest(t, "GET", userURL)
|
|
MakeRequest(t, req, http.StatusOK)
|
|
})
|
|
})
|
|
}
|