bookwyrm/bookwyrm/tests/test_signing.py

import time
from collections import namedtuple
from urllib.parse import urlsplit
import pathlib

import json
import responses

from django.test import TestCase, Client
from django.utils.http import http_date

from bookwyrm.models import User
from bookwyrm.activitypub import Follow
from bookwyrm.settings import DOMAIN
from bookwyrm.signatures import create_key_pair, make_signature, make_digest

def get_follow_data(follower, followee):
    follow_activity = Follow(
        id='https://test.com/user/follow/id',
        actor=follower.remote_id,
        object=followee.remote_id,
    ).serialize()
    return json.dumps(follow_activity)

Sender = namedtuple('Sender', ('remote_id', 'private_key', 'public_key'))

class Signature(TestCase):
    def setUp(self):
        self.mouse = User.objects.create_user('mouse', 'mouse@example.com', '')
        self.rat = User.objects.create_user('rat', 'rat@example.com', '')
        self.cat = User.objects.create_user('cat', 'cat@example.com', '')

        private_key, public_key = create_key_pair()

        self.fake_remote = Sender(
            'http://localhost/user/remote',
            private_key,
            public_key,
        )

    def send(self, signature, now, data, digest):
        c = Client()
        return c.post(
            urlsplit(self.rat.inbox).path,
            data=data,
            content_type='application/json',
            **{
                'HTTP_DATE': now,
                'HTTP_SIGNATURE': signature,
                'HTTP_DIGEST': digest,
                'HTTP_CONTENT_TYPE': 'application/activity+json; charset=utf-8',
                'HTTP_HOST': DOMAIN,
            }
        )

    def send_test_request(
            self,
            sender,
            signer=None,
            send_data=None,
            digest=None,
            date=None):
        now = date or http_date()
        data = get_follow_data(sender, self.rat)
        digest = digest or make_digest(data)
        signature = make_signature(
            signer or sender, self.rat.inbox, now, digest)
        return self.send(signature, now, send_data or data, digest)

    def test_correct_signature(self):
        response = self.send_test_request(sender=self.mouse)
        self.assertEqual(response.status_code, 200)

    def test_wrong_signature(self):
        ''' Messages must be signed by the right actor.
            (cat cannot sign messages on behalf of mouse)
        '''
        response = self.send_test_request(sender=self.mouse, signer=self.cat)
        self.assertEqual(response.status_code, 401)

    @responses.activate
    def test_remote_signer(self):
        datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')
        data = json.loads(datafile.read_bytes())
        data['id'] = self.fake_remote.remote_id
        data['publicKey']['publicKeyPem'] = self.fake_remote.public_key
        del data['icon'] # Avoid having to return an avatar.
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json=data,
            status=200)
        responses.add(
            responses.GET,
            'https://localhost/.well-known/nodeinfo',
            status=404)
        responses.add(
            responses.GET,
            'https://example.com/user/mouse/outbox?page=true',
            json={'orderedItems': []},
            status=200
        )

        response = self.send_test_request(sender=self.fake_remote)
        self.assertEqual(response.status_code, 200)

    @responses.activate
    def test_key_needs_refresh(self):
        datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')
        data = json.loads(datafile.read_bytes())
        data['id'] = self.fake_remote.remote_id
        data['publicKey']['publicKeyPem'] = self.fake_remote.public_key
        del data['icon'] # Avoid having to return an avatar.
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json=data,
            status=200)
        responses.add(
            responses.GET,
            'https://localhost/.well-known/nodeinfo',
            status=404)
        responses.add(
            responses.GET,
            'https://example.com/user/mouse/outbox?page=true',
            json={'orderedItems': []},
            status=200
        )

        # Second and subsequent fetches get a different key:
        new_private_key, new_public_key = create_key_pair()
        new_sender = Sender(
            self.fake_remote.remote_id, new_private_key, new_public_key)
        data['publicKey']['publicKeyPem'] = new_public_key
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json=data,
            status=200)


        # Key correct:
        response = self.send_test_request(sender=self.fake_remote)
        self.assertEqual(response.status_code, 200)

        # Old key is cached, so still works:
        response = self.send_test_request(sender=self.fake_remote)
        self.assertEqual(response.status_code, 200)

        # Try with new key:
        response = self.send_test_request(sender=new_sender)
        self.assertEqual(response.status_code, 200)

        # Now the old key will fail:
        response = self.send_test_request(sender=self.fake_remote)
        self.assertEqual(response.status_code, 401)


    @responses.activate
    def test_nonexistent_signer(self):
        responses.add(
            responses.GET,
            self.fake_remote.remote_id,
            json={'error': 'not found'},
            status=404)

        response = self.send_test_request(sender=self.fake_remote)
        self.assertEqual(response.status_code, 401)

    def test_changed_data(self):
        '''Message data must match the digest header.'''
        response = self.send_test_request(
            self.mouse,
            send_data=get_follow_data(self.mouse, self.cat))
        self.assertEqual(response.status_code, 401)

    def test_invalid_digest(self):
        response = self.send_test_request(
            self.mouse,
            digest='SHA-256=AAAAAAAAAAAAAAAAAA')
        self.assertEqual(response.status_code, 401)

    def test_old_message(self):
        '''Old messages should be rejected to prevent replay attacks.'''
        response = self.send_test_request(
            self.mouse,
            date=http_date(time.time() - 301)
        )
        self.assertEqual(response.status_code, 401)
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00			`import time`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`from collections import namedtuple`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`from urllib.parse import urlsplit`
Use get_or_create_remote_user from get_public_key. 2020-05-21 15:32:28 +00:00			`import pathlib`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`import json`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`import responses`

Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`from django.test import TestCase, Client`
			`from django.utils.http import http_date`

Updates migrations To get the app working again I ran resetdb, let it crash in initdb, then ran the migration, then re-ran initdb 2020-09-21 15:10:37 +00:00			`from bookwyrm.models import User`
			`from bookwyrm.activitypub import Follow`
			`from bookwyrm.settings import DOMAIN`
			`from bookwyrm.signatures import create_key_pair, make_signature, make_digest`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00
			`def get_follow_data(follower, followee):`
Use dataclasses to define activitypub (de)serialization (#177) * Use dataclasses to define activitypub (de)serialization 2020-09-17 20:02:52 +00:00			`follow_activity = Follow(`
			`id='https://test.com/user/follow/id',`
			`actor=follower.remote_id,`
			`object=followee.remote_id,`
			`).serialize()`
			`return json.dumps(follow_activity)`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00
Updates for broadcast changes 2020-05-14 01:23:54 +00:00			`Sender = namedtuple('Sender', ('remote_id', 'private_key', 'public_key'))`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`class Signature(TestCase):`
			`def setUp(self):`
			`self.mouse = User.objects.create_user('mouse', 'mouse@example.com', '')`
			`self.rat = User.objects.create_user('rat', 'rat@example.com', '')`
			`self.cat = User.objects.create_user('cat', 'cat@example.com', '')`

Move signature code into fedireads.signatures. 2020-05-14 13:24:37 +00:00			`private_key, public_key = create_key_pair()`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
			`self.fake_remote = Sender(`
			`'http://localhost/user/remote',`
			`private_key,`
			`public_key,`
			`)`

Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`def send(self, signature, now, data, digest):`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`c = Client()`
Check all signatures are signed by the right actor. 2020-05-13 10:40:57 +00:00			`return c.post(`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`urlsplit(self.rat.inbox).path,`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`data=data,`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`content_type='application/json',`
			`**{`
			`'HTTP_DATE': now,`
			`'HTTP_SIGNATURE': signature,`
Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`'HTTP_DIGEST': digest,`
Add test for use of the wrong signature. 2020-05-13 10:18:48 +00:00			`'HTTP_CONTENT_TYPE': 'application/activity+json; charset=utf-8',`
			`'HTTP_HOST': DOMAIN,`
			`}`
			`)`

Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`def send_test_request(`
			`self,`
			`sender,`
			`signer=None,`
			`send_data=None,`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00			`digest=None,`
			`date=None):`
			`now = date or http_date()`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`data = get_follow_data(sender, self.rat)`
Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`digest = digest or make_digest(data)`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`signature = make_signature(`
Fix invalid digest test. 2020-08-19 13:26:55 +00:00			`signer or sender, self.rat.inbox, now, digest)`
			`return self.send(signature, now, send_data or data, digest)`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00
			`def test_correct_signature(self):`
			`response = self.send_test_request(sender=self.mouse)`
			`self.assertEqual(response.status_code, 200)`
Check all signatures are signed by the right actor. 2020-05-13 10:40:57 +00:00
			`def test_wrong_signature(self):`
			`''' Messages must be signed by the right actor.`
			`(cat cannot sign messages on behalf of mouse)`
			`'''`
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`response = self.send_test_request(sender=self.mouse, signer=self.cat)`
			`self.assertEqual(response.status_code, 401)`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
			`@responses.activate`
			`def test_remote_signer(self):`
Use get_or_create_remote_user from get_public_key. 2020-05-21 15:32:28 +00:00			`datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')`
			`data = json.loads(datafile.read_bytes())`
			`data['id'] = self.fake_remote.remote_id`
			`data['publicKey']['publicKeyPem'] = self.fake_remote.public_key`
			`del data['icon'] # Avoid having to return an avatar.`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`responses.add(`
			`responses.GET,`
Updates for broadcast changes 2020-05-14 01:23:54 +00:00			`self.fake_remote.remote_id,`
Use get_or_create_remote_user from get_public_key. 2020-05-21 15:32:28 +00:00			`json=data,`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`status=200)`
Use get_or_create_remote_user from get_public_key. 2020-05-21 15:32:28 +00:00			`responses.add(`
			`responses.GET,`
			`'https://localhost/.well-known/nodeinfo',`
			`status=404)`
			`responses.add(`
			`responses.GET,`
			`'https://example.com/user/mouse/outbox?page=true',`
			`json={'orderedItems': []},`
			`status=200`
			`)`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`response = self.send_test_request(sender=self.fake_remote)`
Move signature code into fedireads.signatures. 2020-05-14 13:24:37 +00:00			`self.assertEqual(response.status_code, 200)`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00
Fetch updated key if old key is invalid. 2020-05-22 12:49:56 +00:00			`@responses.activate`
			`def test_key_needs_refresh(self):`
			`datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')`
			`data = json.loads(datafile.read_bytes())`
			`data['id'] = self.fake_remote.remote_id`
			`data['publicKey']['publicKeyPem'] = self.fake_remote.public_key`
			`del data['icon'] # Avoid having to return an avatar.`
			`responses.add(`
			`responses.GET,`
			`self.fake_remote.remote_id,`
			`json=data,`
			`status=200)`
			`responses.add(`
			`responses.GET,`
			`'https://localhost/.well-known/nodeinfo',`
			`status=404)`
			`responses.add(`
			`responses.GET,`
			`'https://example.com/user/mouse/outbox?page=true',`
			`json={'orderedItems': []},`
			`status=200`
			`)`

			`# Second and subsequent fetches get a different key:`
			`new_private_key, new_public_key = create_key_pair()`
			`new_sender = Sender(`
			`self.fake_remote.remote_id, new_private_key, new_public_key)`
			`data['publicKey']['publicKeyPem'] = new_public_key`
			`responses.add(`
			`responses.GET,`
			`self.fake_remote.remote_id,`
			`json=data,`
			`status=200)`


			`# Key correct:`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 200)`

			`# Old key is cached, so still works:`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 200)`

			`# Try with new key:`
			`response = self.send_test_request(sender=new_sender)`
			`self.assertEqual(response.status_code, 200)`

			`# Now the old key will fail:`
			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 401)`


Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`@responses.activate`
			`def test_nonexistent_signer(self):`
			`responses.add(`
			`responses.GET,`
Updates for broadcast changes 2020-05-14 01:23:54 +00:00			`self.fake_remote.remote_id,`
Add tests for remote actors (fetch keys via http.) 2020-05-13 11:26:07 +00:00			`json={'error': 'not found'},`
			`status=404)`

Add digests for outgoing messages, and testing. 2020-05-19 20:33:47 +00:00			`response = self.send_test_request(sender=self.fake_remote)`
			`self.assertEqual(response.status_code, 401)`

			`def test_changed_data(self):`
			`'''Message data must match the digest header.'''`
			`response = self.send_test_request(`
			`self.mouse,`
			`send_data=get_follow_data(self.mouse, self.cat))`
			`self.assertEqual(response.status_code, 401)`

			`def test_invalid_digest(self):`
			`response = self.send_test_request(`
			`self.mouse,`
			`digest='SHA-256=AAAAAAAAAAAAAAAAAA')`
Move signature code into fedireads.signatures. 2020-05-14 13:24:37 +00:00			`self.assertEqual(response.status_code, 401)`
Check that the date in the signature isn't too old. 2020-05-20 14:26:01 +00:00
			`def test_old_message(self):`
			`'''Old messages should be rejected to prevent replay attacks.'''`
			`response = self.send_test_request(`
			`self.mouse,`
			`date=http_date(time.time() - 301)`
			`)`
			`self.assertEqual(response.status_code, 401)`