tootlab-mastodon/spec/workers/pubsubhubbub/confirmation_worker_spec.rb
Eugen Rochko 1618b68bfa HTTP signatures (#4146)
* Add Request class with HTTP signature generator

Spec: https://tools.ietf.org/html/draft-cavage-http-signatures-06

* Add HTTP signature verification concern

* Add test for SignatureVerification concern

* Add basic test for Request class

* Make PuSH subscribe/unsubscribe requests use new Request class

Accidentally fix lease_seconds not being set and sent properly, and
change the new minimum subscription duration to 1 day

* Make all PuSH workers use new Request class

* Make Salmon sender use new Request class

* Make FetchLinkService use new Request class

* Make FetchAtomService use the new Request class

* Make Remotable use the new Request class

* Make ResolveRemoteAccountService use the new Request class

* Add more tests

* Allow +-30 seconds window for signed request to remain valid

* Disable time window validation for signed requests, restore 7 days
as PuSH subscription duration (which was previous default due to a bug)
2017-07-14 20:41:49 +02:00

89 lines
3.0 KiB
Ruby

# frozen_string_literal: true
require 'rails_helper'
describe Pubsubhubbub::ConfirmationWorker do
include RoutingHelper
subject { described_class.new }
let!(:alice) { Fabricate(:account, username: 'alice') }
let!(:subscription) { Fabricate(:subscription, account: alice, callback_url: 'http://example.com/api', confirmed: false, expires_at: 3.days.from_now, secret: nil) }
describe 'perform' do
describe 'with subscribe mode' do
it 'confirms and updates subscription when challenge matches' do
stub_random_value
stub_request(:get, url_for_mode('subscribe'))
.with(headers: http_headers)
.to_return(status: 200, body: challenge_value, headers: {})
seconds = 10.days.seconds.to_i
subject.perform(subscription.id, 'subscribe', 'asdf', seconds)
subscription.reload
expect(subscription.secret).to eq 'asdf'
expect(subscription.confirmed).to eq true
expect(subscription.expires_at).to be_within(5).of(10.days.from_now)
end
it 'does not update subscription when challenge does not match' do
stub_random_value
stub_request(:get, url_for_mode('subscribe'))
.with(headers: http_headers)
.to_return(status: 200, body: 'wrong value', headers: {})
seconds = 10.days.seconds.to_i
subject.perform(subscription.id, 'subscribe', 'asdf', seconds)
subscription.reload
expect(subscription.secret).to be_blank
expect(subscription.confirmed).to eq false
expect(subscription.expires_at).to be_within(5).of(3.days.from_now)
end
end
describe 'with unsubscribe mode' do
it 'confirms and destroys subscription when challenge matches' do
stub_random_value
stub_request(:get, url_for_mode('unsubscribe'))
.with(headers: http_headers)
.to_return(status: 200, body: challenge_value, headers: {})
seconds = 10.days.seconds.to_i
subject.perform(subscription.id, 'unsubscribe', 'asdf', seconds)
expect { subscription.reload }.to raise_error(ActiveRecord::RecordNotFound)
end
it 'does not destroy subscription when challenge does not match' do
stub_random_value
stub_request(:get, url_for_mode('unsubscribe'))
.with(headers: http_headers)
.to_return(status: 200, body: 'wrong value', headers: {})
seconds = 10.days.seconds.to_i
subject.perform(subscription.id, 'unsubscribe', 'asdf', seconds)
expect { subscription.reload }.not_to raise_error
end
end
end
def url_for_mode(mode)
"http://example.com/api?hub.challenge=#{challenge_value}&hub.lease_seconds=863999&hub.mode=#{mode}&hub.topic=https://#{Rails.configuration.x.local_domain}/users/alice.atom"
end
def stub_random_value
allow(SecureRandom).to receive(:hex).and_return(challenge_value)
end
def challenge_value
'1a2s3d4f'
end
def http_headers
{ 'Connection' => 'close', 'Host' => 'example.com', 'User-Agent' => 'http.rb/2.2.2 (Mastodon/1.4.7; +https://cb6e6126.ngrok.io/)' }
end
end