tests/integration/api_federation_httpsig_test.go at forgejo

oppi.li / perf-test

fork atom

loading up the forgejo repo on tangled to test page performance

fork atom

perf-test / tests / integration / api_federation_httpsig_test.go

at forgejo 82 lines 2.5 kB view raw

wrap content

famfo feat(activitiypub): enable HTTP signatures on all ActivityPub endpoints (#7035) 1y ago

77b02755

 1// Copyright 2025 The Forgejo Authors. All rights reserved.
 2// SPDX-License-Identifier: MIT
 3
 4package integration
 5
 6import (
 7	"fmt"
 8	"net/http"
 9	"net/url"
10	"testing"
11
12	"forgejo.org/models/db"
13	"forgejo.org/models/forgefed"
14	"forgejo.org/models/unittest"
15	"forgejo.org/models/user"
16	"forgejo.org/modules/activitypub"
17	"forgejo.org/modules/setting"
18	"forgejo.org/modules/test"
19	"forgejo.org/routers"
20
21	"github.com/stretchr/testify/assert"
22	"github.com/stretchr/testify/require"
23)
24
25func TestFederationHttpSigValidation(t *testing.T) {
26	defer test.MockVariableValue(&setting.Federation.Enabled, true)()
27	defer test.MockVariableValue(&testWebRoutes, routers.NormalRoutes())()
28
29	onGiteaRun(t, func(t *testing.T, u *url.URL) {
30		userID := 2
31		userURL := fmt.Sprintf("%sapi/v1/activitypub/user-id/%d", u, userID)
32
33		user1 := unittest.AssertExistsAndLoadBean(t, &user.User{ID: 1})
34
35		clientFactory, err := activitypub.GetClientFactory(db.DefaultContext)
36		require.NoError(t, err)
37
38		apClient, err := clientFactory.WithKeys(db.DefaultContext, user1, user1.APActorKeyID())
39		require.NoError(t, err)
40
41		// Unsigned request
42		t.Run("UnsignedRequest", func(t *testing.T) {
43			req := NewRequest(t, "GET", userURL)
44			MakeRequest(t, req, http.StatusBadRequest)
45		})
46
47		// Signed request
48		t.Run("SignedRequest", func(t *testing.T) {
49			resp, err := apClient.Get(userURL)
50			require.NoError(t, err)
51			assert.Equal(t, http.StatusOK, resp.StatusCode)
52		})
53
54		// HACK HACK HACK: the host part of the URL gets set to which IP forgejo is
55		// listening on, NOT localhost, which is the Domain given to forgejo which
56		// is then used for eg. the keyID all requests
57		applicationKeyID := fmt.Sprintf("%sapi/v1/activitypub/actor#main-key", setting.AppURL)
58		actorKeyID := fmt.Sprintf("%sapi/v1/activitypub/user-id/1#main-key", setting.AppURL)
59
60		// Check for cached public keys
61		t.Run("ValidateCaches", func(t *testing.T) {
62			host, err := forgefed.FindFederationHostByKeyID(db.DefaultContext, applicationKeyID)
63			require.NoError(t, err)
64			assert.NotNil(t, host)
65			assert.True(t, host.PublicKey.Valid)
66
67			user, err := user.GetFederatedUserByKeyID(db.DefaultContext, actorKeyID)
68			require.NoError(t, err)
69			assert.NotNil(t, user)
70			assert.True(t, user.PublicKey.Valid)
71		})
72
73		// Disable signature validation
74		defer test.MockVariableValue(&setting.Federation.SignatureEnforced, false)()
75
76		// Unsigned request
77		t.Run("SignatureValidationDisabled", func(t *testing.T) {
78			req := NewRequest(t, "GET", userURL)
79			MakeRequest(t, req, http.StatusOK)
80		})
81	})
82}