bookwyrm/bookwyrm/tests/test_signing.py

""" getting and verifying signatures """
import time
from collections import namedtuple
from urllib.parse import urlsplit
import pathlib
from unittest.mock import patch

import json
import responses

import pytest

from django.test import TestCase, Client
from django.utils.http import http_date

from bookwyrm import models
from bookwyrm.activitypub import Follow
from bookwyrm.settings import DOMAIN
from bookwyrm.signatures import create_key_pair, make_signature, make_digest


def get_follow_activity(follower, followee):
    """generates a test activity"""
    return Follow(
        id="https://test.com/user/follow/id",
        actor=follower.remote_id,
        object=followee.remote_id,
    ).serialize()


KeyPair = namedtuple("KeyPair", ("private_key", "public_key"))
Sender = namedtuple("Sender", ("remote_id", "key_pair"))


class Signature(TestCase):
    """signature test"""

    # pylint: disable=invalid-name
    def setUp(self):
        """create users and test data"""
        with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch(
            "bookwyrm.activitystreams.populate_stream_task.delay"
        ), patch("bookwyrm.lists_stream.populate_lists_task.delay"):
            self.mouse = models.User.objects.create_user(
                f"mouse@{DOMAIN}",
                "mouse@example.com",
                "",
                local=True,
                localname="mouse",
            )
            self.rat = models.User.objects.create_user(
                f"rat@{DOMAIN}", "rat@example.com", "", local=True, localname="rat"
            )
            self.cat = models.User.objects.create_user(
                f"cat@{DOMAIN}", "cat@example.com", "", local=True, localname="cat"
            )

        private_key, public_key = create_key_pair()

        self.fake_remote = Sender(
            "http://localhost/user/remote", KeyPair(private_key, public_key)
        )

        models.SiteSettings.objects.create()

    def send(self, signature, now, data, digest):
        """test request"""
        client = Client()
        return client.post(
            urlsplit(self.rat.inbox).path,
            data=data,
            content_type="application/json",
            **{
                "HTTP_DATE": now,
                "HTTP_SIGNATURE": signature,
                "HTTP_DIGEST": digest,
                "HTTP_CONTENT_TYPE": "application/activity+json; charset=utf-8",
                "HTTP_HOST": DOMAIN,
            },
        )

    def send_test_request(  # pylint: disable=too-many-arguments
        self, sender, signer=None, send_data=None, digest=None, date=None
    ):
        """sends a follow request to the "rat" user"""
        now = date or http_date()
        data = json.dumps(get_follow_activity(sender, self.rat))
        digest = digest or make_digest(data)
        signature = make_signature(
            "post", signer or sender, self.rat.inbox, now, digest
        )
        with patch("bookwyrm.views.inbox.activity_task.apply_async"):
            with patch("bookwyrm.models.user.set_remote_server.delay"):
                return self.send(signature, now, send_data or data, digest)

    def test_correct_signature(self):
        """this one should just work"""
        response = self.send_test_request(sender=self.mouse)
        self.assertEqual(response.status_code, 200)

    def test_wrong_signature(self):
        """Messages must be signed by the right actor.
        (cat cannot sign messages on behalf of mouse)"""
        response = self.send_test_request(sender=self.mouse, signer=self.cat)
        self.assertEqual(response.status_code, 401)

    @responses.activate
    def test_remote_signer(self):
        """signtures for remote users"""
        datafile = pathlib.Path(__file__).parent.joinpath("data/ap_user.json")
        data = json.loads(datafile.read_bytes())
        data["id"] = self.fake_remote.remote_id
        data["publicKey"]["publicKeyPem"] = self.fake_remote.key_pair.public_key
        del data["icon"]  # Avoid having to return an avatar.
        responses.add(responses.GET, self.fake_remote.remote_id, json=data, status=200)
        responses.add(
            responses.GET, "https://localhost/.well-known/nodeinfo", status=404
        )
        responses.add(
            responses.GET,
            "https://example.com/user/mouse/outbox?page=true",
            json={"orderedItems": []},
            status=200,
        )

        with patch("bookwyrm.models.user.get_remote_reviews.delay"):
            response = self.send_test_request(sender=self.fake_remote)
            self.assertEqual(response.status_code, 200)

    @responses.activate
    def test_key_needs_refresh(self):
        """an out of date key should be updated and the new key work"""
        datafile = pathlib.Path(__file__).parent.joinpath("data/ap_user.json")
        data = json.loads(datafile.read_bytes())
        data["id"] = self.fake_remote.remote_id
        data["publicKey"]["publicKeyPem"] = self.fake_remote.key_pair.public_key
        del data["icon"]  # Avoid having to return an avatar.
        responses.add(responses.GET, self.fake_remote.remote_id, json=data, status=200)
        responses.add(
            responses.GET, "https://localhost/.well-known/nodeinfo", status=404
        )

        # Second and subsequent fetches get a different key:
        key_pair = KeyPair(*create_key_pair())
        new_sender = Sender(self.fake_remote.remote_id, key_pair)
        data["publicKey"]["publicKeyPem"] = key_pair.public_key
        responses.add(responses.GET, self.fake_remote.remote_id, json=data, status=200)

        with patch("bookwyrm.models.user.get_remote_reviews.delay"):
            # Key correct:
            response = self.send_test_request(sender=self.fake_remote)
            self.assertEqual(response.status_code, 200)

            # Old key is cached, so still works:
            response = self.send_test_request(sender=self.fake_remote)
            self.assertEqual(response.status_code, 200)

            # Try with new key:
            response = self.send_test_request(sender=new_sender)
            self.assertEqual(response.status_code, 200)

            # Now the old key will fail:
            response = self.send_test_request(sender=self.fake_remote)
            self.assertEqual(response.status_code, 401)

    @responses.activate
    def test_nonexistent_signer(self):
        """fail when unable to look up signer"""
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json={"error": "not found"},
            status=404,
        )

        response = self.send_test_request(sender=self.fake_remote)
        self.assertEqual(response.status_code, 401)

    @pytest.mark.integration
    def test_changed_data(self):
        """Message data must match the digest header."""
        with patch("bookwyrm.activitypub.resolve_remote_id"):
            response = self.send_test_request(
                self.mouse, send_data=get_follow_activity(self.mouse, self.cat)
            )
            self.assertEqual(response.status_code, 401)

    @pytest.mark.integration
    def test_invalid_digest(self):
        """signature digest must be valid"""
        with patch("bookwyrm.activitypub.resolve_remote_id"):
            response = self.send_test_request(
                self.mouse, digest="SHA-256=AAAAAAAAAAAAAAAAAA"
            )
            self.assertEqual(response.status_code, 401)

    @pytest.mark.integration
    def test_old_message(self):
        """Old messages should be rejected to prevent replay attacks."""
        with patch("bookwyrm.activitypub.resolve_remote_id"):
            response = self.send_test_request(
                self.mouse, date=http_date(time.time() - 301)
            )
            self.assertEqual(response.status_code, 401)
Runs black 2021-03-08 16:49:10 +00:00			`""" getting and verifying signatures """`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00			`import time`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`from collections import namedtuple`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`from urllib.parse import urlsplit`
Use get_or_create_remote_user from get_public_key. 2020-05-21 15:32:28 +00:00			`import pathlib`
Mocks celery task for follow request 2020-11-27 21:02:26 +00:00			`from unittest.mock import patch`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`import json`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`import responses`

Create example marker to avoid tests that require external domain 2020-11-08 21:07:37 +00:00			`import pytest`

Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`from django.test import TestCase, Client`
			`from django.utils.http import http_date`

Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`from bookwyrm import models`
Updates migrations To get the app working again I ran resetdb, let it crash in initdb, then ran the migration, then re-ran initdb 2020-09-21 15:10:37 +00:00			`from bookwyrm.activitypub import Follow`
			`from bookwyrm.settings import DOMAIN`
			`from bookwyrm.signatures import create_key_pair, make_signature, make_digest`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00
Runs black 2021-03-08 16:49:10 +00:00
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`def get_follow_activity(follower, followee):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""generates a test activity"""`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`return Follow(`
Runs black 2021-03-08 16:49:10 +00:00			`id="https://test.com/user/follow/id",`
Use dataclasses to define activitypub (de)serialization (#177) * Use dataclasses to define activitypub (de)serialization 2020-09-17 20:02:52 +00:00			`actor=follower.remote_id,`
			`object=followee.remote_id,`
			`).serialize()`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00
Runs black 2021-03-08 16:49:10 +00:00
			`KeyPair = namedtuple("KeyPair", ("private_key", "public_key"))`
			`Sender = namedtuple("Sender", ("remote_id", "key_pair"))`

Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`class Signature(TestCase):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""signature test"""`
Runs black 2021-03-08 16:49:10 +00:00
Fixes mocks in tests 2023-01-25 17:32:45 +00:00			`# pylint: disable=invalid-name`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`def setUp(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""create users and test data"""`
Where you need one mock, you probably need the other 2021-09-06 21:48:45 +00:00			`with patch("bookwyrm.suggested_users.rerank_suggestions_task.delay"), patch(`
			`"bookwyrm.activitystreams.populate_stream_task.delay"`
Updates test_* tests 2021-12-09 21:01:50 +00:00			`), patch("bookwyrm.lists_stream.populate_lists_task.delay"):`
Track changed fields in activity to model code 2021-08-03 15:48:15 +00:00			`self.mouse = models.User.objects.create_user(`
Updates test_* tests 2021-12-09 21:01:50 +00:00			`f"mouse@{DOMAIN}",`
Track changed fields in activity to model code 2021-08-03 15:48:15 +00:00			`"mouse@example.com",`
			`"",`
			`local=True,`
			`localname="mouse",`
			`)`
			`self.rat = models.User.objects.create_user(`
Updates test_* tests 2021-12-09 21:01:50 +00:00			`f"rat@{DOMAIN}", "rat@example.com", "", local=True, localname="rat"`
Track changed fields in activity to model code 2021-08-03 15:48:15 +00:00			`)`
			`self.cat = models.User.objects.create_user(`
Updates test_* tests 2021-12-09 21:01:50 +00:00			`f"cat@{DOMAIN}", "cat@example.com", "", local=True, localname="cat"`
Track changed fields in activity to model code 2021-08-03 15:48:15 +00:00			`)`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00
Move signature code into fedireads.signatures. 2020-05-14 13:24:37 +00:00			`private_key, public_key = create_key_pair()`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
			`self.fake_remote = Sender(`
Runs black 2021-03-08 16:49:10 +00:00			`"http://localhost/user/remote", KeyPair(private_key, public_key)`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`)`

Refactors test mocks 2021-08-02 23:05:40 +00:00			`models.SiteSettings.objects.create()`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00
Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`def send(self, signature, now, data, digest):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""test request"""`
Various pylint complaince fixes 2022-04-08 21:23:37 +00:00			`client = Client()`
			`return client.post(`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`urlsplit(self.rat.inbox).path,`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`data=data,`
Runs black 2021-03-08 16:49:10 +00:00			`content_type="application/json",`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`**{`
Runs black 2021-03-08 16:49:10 +00:00			`"HTTP_DATE": now,`
			`"HTTP_SIGNATURE": signature,`
			`"HTTP_DIGEST": digest,`
			`"HTTP_CONTENT_TYPE": "application/activity+json; charset=utf-8",`
			`"HTTP_HOST": DOMAIN,`
Updates test_* tests 2021-12-09 21:01:50 +00:00			`},`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`)`

Runs black 2021-03-08 16:49:10 +00:00			`def send_test_request( # pylint: disable=too-many-arguments`
			`self, sender, signer=None, send_data=None, digest=None, date=None`
			`):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""sends a follow request to the "rat" user"""`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00			`now = date or http_date()`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`data = json.dumps(get_follow_activity(sender, self.rat))`
Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`digest = digest or make_digest(data)`
black formatting 2023-01-20 05:31:27 +00:00			`signature = make_signature(`
			`"post", signer or sender, self.rat.inbox, now, digest`
			`)`
Update test_signing.py 2023-01-26 15:19:53 +00:00			`with patch("bookwyrm.views.inbox.activity_task.apply_async"):`
Runs black 2021-03-08 16:49:10 +00:00			`with patch("bookwyrm.models.user.set_remote_server.delay"):`
mock celery task in test signing 2020-12-03 20:50:21 +00:00			`return self.send(signature, now, send_data or data, digest)`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00
Mocks celery task for follow request 2020-11-27 21:02:26 +00:00			`def test_correct_signature(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""this one should just work"""`
Mocks celery task for follow request 2020-11-27 21:02:26 +00:00			`response = self.send_test_request(sender=self.mouse)`
			`self.assertEqual(response.status_code, 200)`
Check all signatures are signed by the right actor. 2020-05-13 10:40:57 +00:00
			`def test_wrong_signature(self):`
Runs black 2021-03-08 16:49:10 +00:00			`"""Messages must be signed by the right actor.`
			`(cat cannot sign messages on behalf of mouse)"""`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`response = self.send_test_request(sender=self.mouse, signer=self.cat)`
			`self.assertEqual(response.status_code, 401)`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
Fix test remote signer and comment out failing tests 2020-11-27 21:08:01 +00:00			`@responses.activate`
			`def test_remote_signer(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""signtures for remote users"""`
Runs black 2021-03-08 16:49:10 +00:00			`datafile = pathlib.Path(__file__).parent.joinpath("data/ap_user.json")`
Fix test remote signer and comment out failing tests 2020-11-27 21:08:01 +00:00			`data = json.loads(datafile.read_bytes())`
Runs black 2021-03-08 16:49:10 +00:00			`data["id"] = self.fake_remote.remote_id`
			`data["publicKey"]["publicKeyPem"] = self.fake_remote.key_pair.public_key`
			`del data["icon"] # Avoid having to return an avatar.`
			`responses.add(responses.GET, self.fake_remote.remote_id, json=data, status=200)`
Fix test remote signer and comment out failing tests 2020-11-27 21:08:01 +00:00			`responses.add(`
Runs black 2021-03-08 16:49:10 +00:00			`responses.GET, "https://localhost/.well-known/nodeinfo", status=404`
			`)`
Fix test remote signer and comment out failing tests 2020-11-27 21:08:01 +00:00			`responses.add(`
			`responses.GET,`
Runs black 2021-03-08 16:49:10 +00:00			`"https://example.com/user/mouse/outbox?page=true",`
			`json={"orderedItems": []},`
			`status=200,`
Fix test remote signer and comment out failing tests 2020-11-27 21:08:01 +00:00			`)`

Refactors test mocks 2021-08-02 23:05:40 +00:00			`with patch("bookwyrm.models.user.get_remote_reviews.delay"):`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 200)`
Comment out failing tests Obviously this is not a SOLUTION, it's an intermediary step in resolving the redis dependency issues. this PR isn't mergable until the tests are restored. 2020-11-27 19:53:30 +00:00
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`@responses.activate`
			`def test_key_needs_refresh(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""an out of date key should be updated and the new key work"""`
Runs black 2021-03-08 16:49:10 +00:00			`datafile = pathlib.Path(__file__).parent.joinpath("data/ap_user.json")`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`data = json.loads(datafile.read_bytes())`
Runs black 2021-03-08 16:49:10 +00:00			`data["id"] = self.fake_remote.remote_id`
			`data["publicKey"]["publicKeyPem"] = self.fake_remote.key_pair.public_key`
			`del data["icon"] # Avoid having to return an avatar.`
			`responses.add(responses.GET, self.fake_remote.remote_id, json=data, status=200)`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`responses.add(`
Runs black 2021-03-08 16:49:10 +00:00			`responses.GET, "https://localhost/.well-known/nodeinfo", status=404`
			`)`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00
			`# Second and subsequent fetches get a different key:`
Save key pair when creating new User 2020-12-03 20:45:01 +00:00			`key_pair = KeyPair(*create_key_pair())`
Updates remote user when refreshing key 2020-12-05 00:26:07 +00:00			`new_sender = Sender(self.fake_remote.remote_id, key_pair)`
Runs black 2021-03-08 16:49:10 +00:00			`data["publicKey"]["publicKeyPem"] = key_pair.public_key`
			`responses.add(responses.GET, self.fake_remote.remote_id, json=data, status=200)`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00
Refactors test mocks 2021-08-02 23:05:40 +00:00			`with patch("bookwyrm.models.user.get_remote_reviews.delay"):`
			`# Key correct:`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 200)`
Fix tests 2021-05-27 19:37:27 +00:00
Refactors test mocks 2021-08-02 23:05:40 +00:00			`# Old key is cached, so still works:`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 200)`
Fix tests 2021-05-27 19:37:27 +00:00
Refactors test mocks 2021-08-02 23:05:40 +00:00			`# Try with new key:`
			`response = self.send_test_request(sender=new_sender)`
			`self.assertEqual(response.status_code, 200)`
Fix tests 2021-05-27 19:37:27 +00:00
Refactors test mocks 2021-08-02 23:05:40 +00:00			`# Now the old key will fail:`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 401)`
Fetch updated key if old key is invalid. 2020-05-22 12:49:56 +00:00
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`@responses.activate`
			`def test_nonexistent_signer(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""fail when unable to look up signer"""`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`responses.add(`
			`responses.GET,`
Updates for broadcast changes 2020-05-14 01:23:54 +00:00			`self.fake_remote.remote_id,`
Runs black 2021-03-08 16:49:10 +00:00			`json={"error": "not found"},`
			`status=404,`
			`)`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 401)`

Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`@pytest.mark.integration`
			`def test_changed_data(self):`
Runs black 2021-03-08 16:49:10 +00:00			`"""Message data must match the digest header."""`
			`with patch("bookwyrm.activitypub.resolve_remote_id"):`
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`response = self.send_test_request(`
Runs black 2021-03-08 16:49:10 +00:00			`self.mouse, send_data=get_follow_activity(self.mouse, self.cat)`
			`)`
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`self.assertEqual(response.status_code, 401)`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`@pytest.mark.integration`
			`def test_invalid_digest(self):`
New version of black, new whitespace 2021-04-26 16:15:42 +00:00			`"""signature digest must be valid"""`
Runs black 2021-03-08 16:49:10 +00:00			`with patch("bookwyrm.activitypub.resolve_remote_id"):`
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`response = self.send_test_request(`
Runs black 2021-03-08 16:49:10 +00:00			`self.mouse, digest="SHA-256=AAAAAAAAAAAAAAAAAA"`
			`)`
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`self.assertEqual(response.status_code, 401)`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00
Mock fetch_user function which makes http request 2020-11-27 21:53:38 +00:00			`@pytest.mark.integration`
			`def test_old_message(self):`
Runs black 2021-03-08 16:49:10 +00:00			`"""Old messages should be rejected to prevent replay attacks."""`
			`with patch("bookwyrm.activitypub.resolve_remote_id"):`
Mock fetch_user function which makes http request 2020-11-27 21:53:38 +00:00			`response = self.send_test_request(`
Runs black 2021-03-08 16:49:10 +00:00			`self.mouse, date=http_date(time.time() - 301)`
Mock fetch_user function which makes http request 2020-11-27 21:53:38 +00:00			`)`
			`self.assertEqual(response.status_code, 401)`