mirror of
https://github.com/superseriousbusiness/gotosocial.git
synced 2024-12-28 01:50:30 +00:00
dfdc473cef
* move finger to dereferencer * totally break GetRemoteAccount * start reworking finger func a bit * start reworking getRemoteAccount a bit * move mention parts to namestring * rework webfingerget * use util function to extract webfinger parts * use accountDomain * rework finger again, final form * just a real nasty commit, the worst * remove refresh from account * use new ASRepToAccount signature * fix incorrect debug call * fix for new getRemoteAccount * rework GetRemoteAccount * start updating tests to remove repetition * break a lot of tests Move shared test logic into the testrig, rather than having it scattered all over the place. This allows us to just mock the transport controller once, and have all tests use it (unless they need not to for some other reason). * fix up tests to use main mock httpclient * webfinger only if necessary * cheeky linting with the lads * update mentionName regex recognize instance accounts * don't finger instance accounts * test webfinger part extraction * increase default worker count to 4 per cpu * don't repeat regex parsing * final search for discovered accountDomain * be more permissive in namestring lookup * add more extraction tests * simplify GetParseMentionFunc * skip long search if local account * fix broken test
310 lines
13 KiB
Go
310 lines
13 KiB
Go
/*
|
|
GoToSocial
|
|
Copyright (C) 2021-2022 GoToSocial Authors admin@gotosocial.org
|
|
|
|
This program is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU Affero General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
This program is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU Affero General Public License for more details.
|
|
|
|
You should have received a copy of the GNU Affero General Public License
|
|
along with this program. If not, see <http://www.gnu.org/licenses/>.
|
|
*/
|
|
|
|
package federation_test
|
|
|
|
import (
|
|
"context"
|
|
"net/http"
|
|
"net/http/httptest"
|
|
"net/url"
|
|
"testing"
|
|
|
|
"github.com/go-fed/httpsig"
|
|
"github.com/stretchr/testify/suite"
|
|
"github.com/superseriousbusiness/gotosocial/internal/ap"
|
|
"github.com/superseriousbusiness/gotosocial/internal/concurrency"
|
|
"github.com/superseriousbusiness/gotosocial/internal/federation"
|
|
"github.com/superseriousbusiness/gotosocial/internal/gtsmodel"
|
|
"github.com/superseriousbusiness/gotosocial/internal/messages"
|
|
"github.com/superseriousbusiness/gotosocial/testrig"
|
|
)
|
|
|
|
type FederatingProtocolTestSuite struct {
|
|
FederatorStandardTestSuite
|
|
}
|
|
|
|
func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHook1() {
|
|
// the activity we're gonna use
|
|
activity := suite.testActivities["dm_for_zork"]
|
|
|
|
fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
|
|
|
|
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
|
|
tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
|
|
// setup module being tested
|
|
federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
|
|
|
|
// setup request
|
|
ctx := context.Background()
|
|
request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil) // the endpoint we're hitting
|
|
request.Header.Set("Signature", activity.SignatureHeader)
|
|
|
|
// trigger the function being tested, and return the new context it creates
|
|
newContext, err := federator.PostInboxRequestBodyHook(ctx, request, activity.Activity)
|
|
suite.NoError(err)
|
|
suite.NotNil(newContext)
|
|
|
|
involvedIRIsI := newContext.Value(ap.ContextOtherInvolvedIRIs)
|
|
involvedIRIs, ok := involvedIRIsI.([]*url.URL)
|
|
if !ok {
|
|
suite.FailNow("couldn't get involved IRIs from context")
|
|
}
|
|
|
|
suite.Len(involvedIRIs, 1)
|
|
suite.Contains(involvedIRIs, testrig.URLMustParse("http://localhost:8080/users/the_mighty_zork"))
|
|
}
|
|
|
|
func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHook2() {
|
|
// the activity we're gonna use
|
|
activity := suite.testActivities["reply_to_turtle_for_zork"]
|
|
|
|
fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
|
|
|
|
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
|
|
tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
|
|
|
|
// setup module being tested
|
|
federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
|
|
|
|
// setup request
|
|
ctx := context.Background()
|
|
request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil) // the endpoint we're hitting
|
|
request.Header.Set("Signature", activity.SignatureHeader)
|
|
|
|
// trigger the function being tested, and return the new context it creates
|
|
newContext, err := federator.PostInboxRequestBodyHook(ctx, request, activity.Activity)
|
|
suite.NoError(err)
|
|
suite.NotNil(newContext)
|
|
|
|
involvedIRIsI := newContext.Value(ap.ContextOtherInvolvedIRIs)
|
|
involvedIRIs, ok := involvedIRIsI.([]*url.URL)
|
|
if !ok {
|
|
suite.FailNow("couldn't get involved IRIs from context")
|
|
}
|
|
|
|
suite.Len(involvedIRIs, 2)
|
|
suite.Contains(involvedIRIs, testrig.URLMustParse("http://localhost:8080/users/1happyturtle"))
|
|
suite.Contains(involvedIRIs, testrig.URLMustParse("http://fossbros-anonymous.io/users/foss_satan/followers"))
|
|
}
|
|
|
|
func (suite *FederatingProtocolTestSuite) TestPostInboxRequestBodyHook3() {
|
|
// the activity we're gonna use
|
|
activity := suite.testActivities["reply_to_turtle_for_turtle"]
|
|
|
|
fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
|
|
|
|
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
|
|
tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
|
|
|
|
// setup module being tested
|
|
federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
|
|
|
|
// setup request
|
|
ctx := context.Background()
|
|
request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/1happyturtle/inbox", nil) // the endpoint we're hitting
|
|
request.Header.Set("Signature", activity.SignatureHeader)
|
|
|
|
// trigger the function being tested, and return the new context it creates
|
|
newContext, err := federator.PostInboxRequestBodyHook(ctx, request, activity.Activity)
|
|
suite.NoError(err)
|
|
suite.NotNil(newContext)
|
|
|
|
involvedIRIsI := newContext.Value(ap.ContextOtherInvolvedIRIs)
|
|
involvedIRIs, ok := involvedIRIsI.([]*url.URL)
|
|
if !ok {
|
|
suite.FailNow("couldn't get involved IRIs from context")
|
|
}
|
|
|
|
suite.Len(involvedIRIs, 2)
|
|
suite.Contains(involvedIRIs, testrig.URLMustParse("http://localhost:8080/users/1happyturtle"))
|
|
suite.Contains(involvedIRIs, testrig.URLMustParse("http://fossbros-anonymous.io/users/foss_satan/followers"))
|
|
}
|
|
|
|
func (suite *FederatingProtocolTestSuite) TestAuthenticatePostInbox() {
|
|
// the activity we're gonna use
|
|
activity := suite.testActivities["dm_for_zork"]
|
|
sendingAccount := suite.testAccounts["remote_account_1"]
|
|
inboxAccount := suite.testAccounts["local_account_1"]
|
|
|
|
fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
|
|
|
|
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
|
|
tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
|
|
|
|
// now setup module being tested, with the mock transport controller
|
|
federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
|
|
|
|
request := httptest.NewRequest(http.MethodPost, "http://localhost:8080/users/the_mighty_zork/inbox", nil)
|
|
// we need these headers for the request to be validated
|
|
request.Header.Set("Signature", activity.SignatureHeader)
|
|
request.Header.Set("Date", activity.DateHeader)
|
|
request.Header.Set("Digest", activity.DigestHeader)
|
|
|
|
verifier, err := httpsig.NewVerifier(request)
|
|
suite.NoError(err)
|
|
|
|
ctx := context.Background()
|
|
// by the time AuthenticatePostInbox is called, PostInboxRequestBodyHook should have already been called,
|
|
// which should have set the account and username onto the request. We can replicate that behavior here:
|
|
ctxWithAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
|
|
ctxWithVerifier := context.WithValue(ctxWithAccount, ap.ContextRequestingPublicKeyVerifier, verifier)
|
|
ctxWithSignature := context.WithValue(ctxWithVerifier, ap.ContextRequestingPublicKeySignature, activity.SignatureHeader)
|
|
|
|
// we can pass this recorder as a writer and read it back after
|
|
recorder := httptest.NewRecorder()
|
|
|
|
// trigger the function being tested, and return the new context it creates
|
|
newContext, authed, err := federator.AuthenticatePostInbox(ctxWithSignature, recorder, request)
|
|
suite.NoError(err)
|
|
suite.True(authed)
|
|
|
|
// since we know this account already it should be set on the context
|
|
requestingAccountI := newContext.Value(ap.ContextRequestingAccount)
|
|
suite.NotNil(requestingAccountI)
|
|
requestingAccount, ok := requestingAccountI.(*gtsmodel.Account)
|
|
suite.True(ok)
|
|
suite.Equal(sendingAccount.Username, requestingAccount.Username)
|
|
}
|
|
|
|
func (suite *FederatingProtocolTestSuite) TestBlocked1() {
|
|
fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
|
|
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
|
|
tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
|
|
federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
|
|
|
|
sendingAccount := suite.testAccounts["remote_account_1"]
|
|
inboxAccount := suite.testAccounts["local_account_1"]
|
|
otherInvolvedIRIs := []*url.URL{}
|
|
actorIRIs := []*url.URL{
|
|
testrig.URLMustParse(sendingAccount.URI),
|
|
}
|
|
|
|
ctx := context.Background()
|
|
ctxWithReceivingAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
|
|
ctxWithRequestingAccount := context.WithValue(ctxWithReceivingAccount, ap.ContextRequestingAccount, sendingAccount)
|
|
ctxWithOtherInvolvedIRIs := context.WithValue(ctxWithRequestingAccount, ap.ContextOtherInvolvedIRIs, otherInvolvedIRIs)
|
|
|
|
blocked, err := federator.Blocked(ctxWithOtherInvolvedIRIs, actorIRIs)
|
|
suite.NoError(err)
|
|
suite.False(blocked)
|
|
}
|
|
|
|
func (suite *FederatingProtocolTestSuite) TestBlocked2() {
|
|
fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
|
|
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
|
|
tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
|
|
federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
|
|
|
|
sendingAccount := suite.testAccounts["remote_account_1"]
|
|
inboxAccount := suite.testAccounts["local_account_1"]
|
|
otherInvolvedIRIs := []*url.URL{}
|
|
actorIRIs := []*url.URL{
|
|
testrig.URLMustParse(sendingAccount.URI),
|
|
}
|
|
|
|
ctx := context.Background()
|
|
ctxWithReceivingAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
|
|
ctxWithRequestingAccount := context.WithValue(ctxWithReceivingAccount, ap.ContextRequestingAccount, sendingAccount)
|
|
ctxWithOtherInvolvedIRIs := context.WithValue(ctxWithRequestingAccount, ap.ContextOtherInvolvedIRIs, otherInvolvedIRIs)
|
|
|
|
// insert a block from inboxAccount targeting sendingAccount
|
|
if err := suite.db.Put(context.Background(), >smodel.Block{
|
|
ID: "01G3KBEMJD4VQ2D615MPV7KTRD",
|
|
URI: "whatever",
|
|
AccountID: inboxAccount.ID,
|
|
TargetAccountID: sendingAccount.ID,
|
|
}); err != nil {
|
|
suite.Fail(err.Error())
|
|
}
|
|
|
|
// request should be blocked now
|
|
blocked, err := federator.Blocked(ctxWithOtherInvolvedIRIs, actorIRIs)
|
|
suite.NoError(err)
|
|
suite.True(blocked)
|
|
}
|
|
|
|
func (suite *FederatingProtocolTestSuite) TestBlocked3() {
|
|
fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
|
|
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
|
|
tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
|
|
federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
|
|
|
|
sendingAccount := suite.testAccounts["remote_account_1"]
|
|
inboxAccount := suite.testAccounts["local_account_1"]
|
|
ccedAccount := suite.testAccounts["remote_account_2"]
|
|
|
|
otherInvolvedIRIs := []*url.URL{
|
|
testrig.URLMustParse(ccedAccount.URI),
|
|
}
|
|
actorIRIs := []*url.URL{
|
|
testrig.URLMustParse(sendingAccount.URI),
|
|
}
|
|
|
|
ctx := context.Background()
|
|
ctxWithReceivingAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
|
|
ctxWithRequestingAccount := context.WithValue(ctxWithReceivingAccount, ap.ContextRequestingAccount, sendingAccount)
|
|
ctxWithOtherInvolvedIRIs := context.WithValue(ctxWithRequestingAccount, ap.ContextOtherInvolvedIRIs, otherInvolvedIRIs)
|
|
|
|
// insert a block from inboxAccount targeting CCed account
|
|
if err := suite.db.Put(context.Background(), >smodel.Block{
|
|
ID: "01G3KBEMJD4VQ2D615MPV7KTRD",
|
|
URI: "whatever",
|
|
AccountID: inboxAccount.ID,
|
|
TargetAccountID: ccedAccount.ID,
|
|
}); err != nil {
|
|
suite.Fail(err.Error())
|
|
}
|
|
|
|
blocked, err := federator.Blocked(ctxWithOtherInvolvedIRIs, actorIRIs)
|
|
suite.NoError(err)
|
|
suite.True(blocked)
|
|
}
|
|
|
|
func (suite *FederatingProtocolTestSuite) TestBlocked4() {
|
|
fedWorker := concurrency.NewWorkerPool[messages.FromFederator](-1, -1)
|
|
httpClient := testrig.NewMockHTTPClient(nil, "../../testrig/media")
|
|
tc := testrig.NewTestTransportController(httpClient, suite.db, fedWorker)
|
|
federator := federation.NewFederator(suite.db, testrig.NewTestFederatingDB(suite.db, fedWorker), tc, suite.tc, testrig.NewTestMediaManager(suite.db, suite.storage))
|
|
|
|
sendingAccount := suite.testAccounts["remote_account_1"]
|
|
inboxAccount := suite.testAccounts["local_account_1"]
|
|
repliedStatus := suite.testStatuses["local_account_2_status_1"]
|
|
|
|
otherInvolvedIRIs := []*url.URL{
|
|
testrig.URLMustParse(repliedStatus.URI), // this status is involved because the hypothetical activity is a reply to this status
|
|
}
|
|
actorIRIs := []*url.URL{
|
|
testrig.URLMustParse(sendingAccount.URI),
|
|
}
|
|
|
|
ctx := context.Background()
|
|
ctxWithReceivingAccount := context.WithValue(ctx, ap.ContextReceivingAccount, inboxAccount)
|
|
ctxWithRequestingAccount := context.WithValue(ctxWithReceivingAccount, ap.ContextRequestingAccount, sendingAccount)
|
|
ctxWithOtherInvolvedIRIs := context.WithValue(ctxWithRequestingAccount, ap.ContextOtherInvolvedIRIs, otherInvolvedIRIs)
|
|
|
|
// local account 2 (replied status account) blocks sending account already so we don't need to add a block here
|
|
|
|
blocked, err := federator.Blocked(ctxWithOtherInvolvedIRIs, actorIRIs)
|
|
suite.NoError(err)
|
|
suite.True(blocked)
|
|
}
|
|
|
|
func TestFederatingProtocolTestSuite(t *testing.T) {
|
|
suite.Run(t, new(FederatingProtocolTestSuite))
|
|
}
|