bookwyrm/bookwyrm/tests/test_signing.py

''' getting and verifying signatures '''
import time
from collections import namedtuple
from urllib.parse import urlsplit
import pathlib
from unittest.mock import patch

import json
import responses

import pytest

from django.test import TestCase, Client
from django.utils.http import http_date

from bookwyrm import models
from bookwyrm.activitypub import Follow
from bookwyrm.settings import DOMAIN
from bookwyrm.signatures import create_key_pair, make_signature, make_digest

def get_follow_activity(follower, followee):
    ''' generates a test activity '''
    return Follow(
        id='https://test.com/user/follow/id',
        actor=follower.remote_id,
        object=followee.remote_id,
    ).serialize()

KeyPair = namedtuple('KeyPair', ('private_key', 'public_key'))
Sender = namedtuple('Sender', ('remote_id', 'key_pair'))

class Signature(TestCase):
    ''' signature test '''
    def setUp(self):
        ''' create users and test data '''
        self.mouse = models.User.objects.create_user(
            'mouse@%s' % DOMAIN, 'mouse@example.com', '',
            local=True, localname='mouse')
        self.rat = models.User.objects.create_user(
            'rat@%s' % DOMAIN, 'rat@example.com', '',
            local=True, localname='rat')
        self.cat = models.User.objects.create_user(
            'cat@%s' % DOMAIN, 'cat@example.com', '',
            local=True, localname='cat')

        private_key, public_key = create_key_pair()

        self.fake_remote = Sender(
            'http://localhost/user/remote',
            KeyPair(private_key, public_key)
        )

        models.SiteSettings.objects.create()

    def send(self, signature, now, data, digest):
        ''' test request '''
        c = Client()
        return c.post(
            urlsplit(self.rat.inbox).path,
            data=data,
            content_type='application/json',
            **{
                'HTTP_DATE': now,
                'HTTP_SIGNATURE': signature,
                'HTTP_DIGEST': digest,
                'HTTP_CONTENT_TYPE': 'application/activity+json; charset=utf-8',
                'HTTP_HOST': DOMAIN,
            }
        )

    def send_test_request(#pylint: disable=too-many-arguments
            self,
            sender,
            signer=None,
            send_data=None,
            digest=None,
            date=None):
        ''' sends a follow request to the "rat" user '''
        now = date or http_date()
        data = json.dumps(get_follow_activity(sender, self.rat))
        digest = digest or make_digest(data)
        signature = make_signature(
            signer or sender, self.rat.inbox, now, digest)
        with patch('bookwyrm.views.inbox.activity_task.delay'):
            with patch('bookwyrm.models.user.set_remote_server.delay'):
                return self.send(signature, now, send_data or data, digest)

    def test_correct_signature(self):
        ''' this one should just work '''
        response = self.send_test_request(sender=self.mouse)
        self.assertEqual(response.status_code, 200)

    def test_wrong_signature(self):
        ''' Messages must be signed by the right actor.
            (cat cannot sign messages on behalf of mouse) '''
        response = self.send_test_request(sender=self.mouse, signer=self.cat)
        self.assertEqual(response.status_code, 401)

    @responses.activate
    def test_remote_signer(self):
        ''' signtures for remote users '''
        datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')
        data = json.loads(datafile.read_bytes())
        data['id'] = self.fake_remote.remote_id
        data['publicKey']['publicKeyPem'] = self.fake_remote.key_pair.public_key
        del data['icon'] # Avoid having to return an avatar.
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json=data,
            status=200)
        responses.add(
            responses.GET,
            'https://localhost/.well-known/nodeinfo',
            status=404)
        responses.add(
            responses.GET,
            'https://example.com/user/mouse/outbox?page=true',
            json={'orderedItems': []},
            status=200
        )

        with patch('bookwyrm.models.user.get_remote_reviews.delay'):
            response = self.send_test_request(sender=self.fake_remote)
            self.assertEqual(response.status_code, 200)

    @responses.activate
    def test_key_needs_refresh(self):
        ''' an out of date key should be updated and the new key work '''
        datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')
        data = json.loads(datafile.read_bytes())
        data['id'] = self.fake_remote.remote_id
        data['publicKey']['publicKeyPem'] = self.fake_remote.key_pair.public_key
        del data['icon'] # Avoid having to return an avatar.
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json=data,
            status=200)
        responses.add(
            responses.GET,
            'https://localhost/.well-known/nodeinfo',
            status=404)

        # Second and subsequent fetches get a different key:
        key_pair = KeyPair(*create_key_pair())
        new_sender = Sender(self.fake_remote.remote_id, key_pair)
        data['publicKey']['publicKeyPem'] = key_pair.public_key
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json=data,
            status=200)

        with patch('bookwyrm.models.user.get_remote_reviews.delay'):
            # Key correct:
            response = self.send_test_request(sender=self.fake_remote)
            self.assertEqual(response.status_code, 200)

            # Old key is cached, so still works:
            response = self.send_test_request(sender=self.fake_remote)
            self.assertEqual(response.status_code, 200)

            # Try with new key:
            response = self.send_test_request(sender=new_sender)
            self.assertEqual(response.status_code, 200)

            # Now the old key will fail:
            response = self.send_test_request(sender=self.fake_remote)
            self.assertEqual(response.status_code, 401)


    @responses.activate
    def test_nonexistent_signer(self):
        ''' fail when unable to look up signer '''
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json={'error': 'not found'},
            status=404)

        response = self.send_test_request(sender=self.fake_remote)
        self.assertEqual(response.status_code, 401)

    @pytest.mark.integration
    def test_changed_data(self):
        '''Message data must match the digest header.'''
        with patch('bookwyrm.activitypub.resolve_remote_id'):
            response = self.send_test_request(
                self.mouse,
                send_data=get_follow_activity(self.mouse, self.cat))
            self.assertEqual(response.status_code, 401)

    @pytest.mark.integration
    def test_invalid_digest(self):
        ''' signature digest must be valid '''
        with patch('bookwyrm.activitypub.resolve_remote_id'):
            response = self.send_test_request(
                self.mouse,
                digest='SHA-256=AAAAAAAAAAAAAAAAAA')
            self.assertEqual(response.status_code, 401)

    @pytest.mark.integration
    def test_old_message(self):
        '''Old messages should be rejected to prevent replay attacks.'''
        with patch('bookwyrm.activitypub.resolve_remote_id'):
            response = self.send_test_request(
                self.mouse,
                date=http_date(time.time() - 301)
            )
            self.assertEqual(response.status_code, 401)
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`''' getting and verifying signatures '''`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00			`import time`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`from collections import namedtuple`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`from urllib.parse import urlsplit`
Use get_or_create_remote_user from get_public_key. 2020-05-21 15:32:28 +00:00			`import pathlib`
Mocks celery task for follow request 2020-11-27 21:02:26 +00:00			`from unittest.mock import patch`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`import json`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`import responses`

Create example marker to avoid tests that require external domain 2020-11-08 21:07:37 +00:00			`import pytest`

Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`from django.test import TestCase, Client`
			`from django.utils.http import http_date`

Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`from bookwyrm import models`
Updates migrations To get the app working again I ran resetdb, let it crash in initdb, then ran the migration, then re-ran initdb 2020-09-21 15:10:37 +00:00			`from bookwyrm.activitypub import Follow`
			`from bookwyrm.settings import DOMAIN`
			`from bookwyrm.signatures import create_key_pair, make_signature, make_digest`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`def get_follow_activity(follower, followee):`
			`''' generates a test activity '''`
			`return Follow(`
Use dataclasses to define activitypub (de)serialization (#177) * Use dataclasses to define activitypub (de)serialization 2020-09-17 20:02:52 +00:00			`id='https://test.com/user/follow/id',`
			`actor=follower.remote_id,`
			`object=followee.remote_id,`
			`).serialize()`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00
fixes some of the signing test issues 2020-12-01 03:53:42 +00:00			`KeyPair = namedtuple('KeyPair', ('private_key', 'public_key'))`
			`Sender = namedtuple('Sender', ('remote_id', 'key_pair'))`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`class Signature(TestCase):`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`''' signature test '''`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`def setUp(self):`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`''' create users and test data '''`
			`self.mouse = models.User.objects.create_user(`
Updates unit tests for new username handling still some failing tho 2020-12-27 23:18:48 +00:00			`'mouse@%s' % DOMAIN, 'mouse@example.com', '',`
			`local=True, localname='mouse')`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`self.rat = models.User.objects.create_user(`
Updates unit tests for new username handling still some failing tho 2020-12-27 23:18:48 +00:00			`'rat@%s' % DOMAIN, 'rat@example.com', '',`
			`local=True, localname='rat')`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`self.cat = models.User.objects.create_user(`
Updates unit tests for new username handling still some failing tho 2020-12-27 23:18:48 +00:00			`'cat@%s' % DOMAIN, 'cat@example.com', '',`
			`local=True, localname='cat')`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00
Move signature code into fedireads.signatures. 2020-05-14 13:24:37 +00:00			`private_key, public_key = create_key_pair()`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
			`self.fake_remote = Sender(`
			`'http://localhost/user/remote',`
fixes some of the signing test issues 2020-12-01 03:53:42 +00:00			`KeyPair(private_key, public_key)`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`)`

Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`models.SiteSettings.objects.create()`

Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`def send(self, signature, now, data, digest):`
corrects tests for latest code changes 2020-11-08 01:48:50 +00:00			`''' test request '''`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`c = Client()`
Check all signatures are signed by the right actor. 2020-05-13 10:40:57 +00:00			`return c.post(`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`urlsplit(self.rat.inbox).path,`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`data=data,`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`content_type='application/json',`
			`**{`
			`'HTTP_DATE': now,`
			`'HTTP_SIGNATURE': signature,`
Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`'HTTP_DIGEST': digest,`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`'HTTP_CONTENT_TYPE': 'application/activity+json; charset=utf-8',`
			`'HTTP_HOST': DOMAIN,`
			`}`
			`)`

Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`def send_test_request(#pylint: disable=too-many-arguments`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`self,`
			`sender,`
			`signer=None,`
			`send_data=None,`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00			`digest=None,`
			`date=None):`
Mocks celery task for follow request 2020-11-27 21:02:26 +00:00			`''' sends a follow request to the "rat" user '''`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00			`now = date or http_date()`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`data = json.dumps(get_follow_activity(sender, self.rat))`
Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`digest = digest or make_digest(data)`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`signature = make_signature(`
Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`signer or sender, self.rat.inbox, now, digest)`
makes inbox csrf exempt 2021-02-17 02:07:57 +00:00			`with patch('bookwyrm.views.inbox.activity_task.delay'):`
mock celery task in test signing 2020-12-03 20:50:21 +00:00			`with patch('bookwyrm.models.user.set_remote_server.delay'):`
			`return self.send(signature, now, send_data or data, digest)`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00
Mocks celery task for follow request 2020-11-27 21:02:26 +00:00			`def test_correct_signature(self):`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`''' this one should just work '''`
Mocks celery task for follow request 2020-11-27 21:02:26 +00:00			`response = self.send_test_request(sender=self.mouse)`
			`self.assertEqual(response.status_code, 200)`
Check all signatures are signed by the right actor. 2020-05-13 10:40:57 +00:00
			`def test_wrong_signature(self):`
			`''' Messages must be signed by the right actor.`
corrects tests for latest code changes 2020-11-08 01:48:50 +00:00			`(cat cannot sign messages on behalf of mouse) '''`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`response = self.send_test_request(sender=self.mouse, signer=self.cat)`
			`self.assertEqual(response.status_code, 401)`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
Fix test remote signer and comment out failing tests 2020-11-27 21:08:01 +00:00			`@responses.activate`
			`def test_remote_signer(self):`
			`''' signtures for remote users '''`
			`datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')`
			`data = json.loads(datafile.read_bytes())`
			`data['id'] = self.fake_remote.remote_id`
fixes some of the signing test issues 2020-12-01 03:53:42 +00:00			`data['publicKey']['publicKeyPem'] = self.fake_remote.key_pair.public_key`
Fix test remote signer and comment out failing tests 2020-11-27 21:08:01 +00:00			`del data['icon'] # Avoid having to return an avatar.`
			`responses.add(`
			`responses.GET,`
			`self.fake_remote.remote_id,`
			`json=data,`
			`status=200)`
			`responses.add(`
			`responses.GET,`
			`'https://localhost/.well-known/nodeinfo',`
			`status=404)`
			`responses.add(`
			`responses.GET,`
			`'https://example.com/user/mouse/outbox?page=true',`
			`json={'orderedItems': []},`
			`status=200`
			`)`

Updates remote user when refreshing key 2020-12-05 00:26:07 +00:00			`with patch('bookwyrm.models.user.get_remote_reviews.delay'):`
Fix test remote signer and comment out failing tests 2020-11-27 21:08:01 +00:00			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 200)`
Comment out failing tests Obviously this is not a SOLUTION, it's an intermediary step in resolving the redis dependency issues. this PR isn't mergable until the tests are restored. 2020-11-27 19:53:30 +00:00
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`@responses.activate`
			`def test_key_needs_refresh(self):`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`''' an out of date key should be updated and the new key work '''`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')`
			`data = json.loads(datafile.read_bytes())`
			`data['id'] = self.fake_remote.remote_id`
fixes some of the signing test issues 2020-12-01 03:53:42 +00:00			`data['publicKey']['publicKeyPem'] = self.fake_remote.key_pair.public_key`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`del data['icon'] # Avoid having to return an avatar.`
			`responses.add(`
			`responses.GET,`
			`self.fake_remote.remote_id,`
			`json=data,`
			`status=200)`
			`responses.add(`
			`responses.GET,`
			`'https://localhost/.well-known/nodeinfo',`
			`status=404)`

			`# Second and subsequent fetches get a different key:`
Save key pair when creating new User 2020-12-03 20:45:01 +00:00			`key_pair = KeyPair(*create_key_pair())`
Updates remote user when refreshing key 2020-12-05 00:26:07 +00:00			`new_sender = Sender(self.fake_remote.remote_id, key_pair)`
Save key pair when creating new User 2020-12-03 20:45:01 +00:00			`data['publicKey']['publicKeyPem'] = key_pair.public_key`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`responses.add(`
			`responses.GET,`
			`self.fake_remote.remote_id,`
			`json=data,`
			`status=200)`

Updates remote user when refreshing key 2020-12-05 00:26:07 +00:00			`with patch('bookwyrm.models.user.get_remote_reviews.delay'):`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`# Key correct:`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 200)`

			`# Old key is cached, so still works:`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 200)`

			`# Try with new key:`
fixes unit tests for incoming and outgoing follows 2020-11-27 22:15:13 +00:00			`response = self.send_test_request(sender=new_sender)`
			`self.assertEqual(response.status_code, 200)`
Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00
			`# Now the old key will fail:`
fixes unit tests for incoming and outgoing follows 2020-11-27 22:15:13 +00:00			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 401)`
Fetch updated key if old key is invalid. 2020-05-22 12:49:56 +00:00

Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`@responses.activate`
			`def test_nonexistent_signer(self):`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`''' fail when unable to look up signer '''`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`responses.add(`
			`responses.GET,`
Updates for broadcast changes 2020-05-14 01:23:54 +00:00			`self.fake_remote.remote_id,`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`json={'error': 'not found'},`
			`status=404)`

Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 401)`

Fixes celery mocks on more signature unit tests 2020-11-27 21:18:10 +00:00			`@pytest.mark.integration`
			`def test_changed_data(self):`
			`'''Message data must match the digest header.'''`
Updates remote user when refreshing key 2020-12-05 00:26:07 +00:00			`with patch('bookwyrm.activitypub.resolve_remote_id'):`
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`response = self.send_test_request(`
			`self.mouse,`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`send_data=get_follow_activity(self.mouse, self.cat))`
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`self.assertEqual(response.status_code, 401)`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`@pytest.mark.integration`
			`def test_invalid_digest(self):`
Smarter way of inferring serializers (which are explicitly present) 2021-02-17 02:59:26 +00:00			`''' signature digest must be valid '''`
Updates remote user when refreshing key 2020-12-05 00:26:07 +00:00			`with patch('bookwyrm.activitypub.resolve_remote_id'):`
Trying to avoid issues from execusing http requests 2020-11-27 21:39:33 +00:00			`response = self.send_test_request(`
			`self.mouse,`
			`digest='SHA-256=AAAAAAAAAAAAAAAAAA')`
			`self.assertEqual(response.status_code, 401)`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00
Mock fetch_user function which makes http request 2020-11-27 21:53:38 +00:00			`@pytest.mark.integration`
			`def test_old_message(self):`
			`'''Old messages should be rejected to prevent replay attacks.'''`
Updates remote user when refreshing key 2020-12-05 00:26:07 +00:00			`with patch('bookwyrm.activitypub.resolve_remote_id'):`
Mock fetch_user function which makes http request 2020-11-27 21:53:38 +00:00			`response = self.send_test_request(`
			`self.mouse,`
			`date=http_date(time.time() - 301)`
			`)`
			`self.assertEqual(response.status_code, 401)`