From 0d1e09fbcdb1a1db93d9561c9323c7ef105e71ca Mon Sep 17 00:00:00 2001
From: Andrew Godwin
Date: Mon, 21 Nov 2022 20:10:01 -0700
Subject: Refactor almost all tests into /tests/
---
tests/activities/models/test_post.py | 31 ++++
.../activities/templatetags/test_activity_tags.py | 21 +++
tests/conftest.py | 59 +++++++
tests/core/test_signatures.py | 114 +++++++++++++
tests/users/models/test_identity.py | 178 +++++++++++++++++++++
tests/users/views/test_activitypub.py | 31 ++++
tests/users/views/test_auth.py | 59 +++++++
7 files changed, 493 insertions(+)
create mode 100644 tests/activities/models/test_post.py
create mode 100644 tests/activities/templatetags/test_activity_tags.py
create mode 100644 tests/conftest.py
create mode 100644 tests/core/test_signatures.py
create mode 100644 tests/users/models/test_identity.py
create mode 100644 tests/users/views/test_activitypub.py
create mode 100644 tests/users/views/test_auth.py
(limited to 'tests')
diff --git a/tests/activities/models/test_post.py b/tests/activities/models/test_post.py
new file mode 100644
index 0000000..5c7fca2
--- /dev/null
+++ b/tests/activities/models/test_post.py
@@ -0,0 +1,31 @@
+import pytest
+from pytest_httpx import HTTPXMock
+
+from activities.models import Post
+
+
+@pytest.mark.django_db
+def test_fetch_post(httpx_mock: HTTPXMock):
+ """
+ Tests that a post we don't have locally can be fetched by by_object_uri
+ """
+ httpx_mock.add_response(
+ url="https://example.com/test-post",
+ json={
+ "@context": [
+ "https://www.w3.org/ns/activitystreams",
+ ],
+ "id": "https://example.com/test-post",
+ "type": "Note",
+ "published": "2022-11-13T23:20:16Z",
+ "url": "https://example.com/test-post",
+ "attributedTo": "https://example.com/test-actor",
+ "content": "BEEEEEES",
+ },
+ )
+ # Fetch with a HTTP access
+ post = Post.by_object_uri("https://example.com/test-post", fetch=True)
+ assert post.content == "BEEEEEES"
+ assert post.author.actor_uri == "https://example.com/test-actor"
+ # Fetch again with a DB hit
+ assert Post.by_object_uri("https://example.com/test-post").id == post.id
diff --git a/tests/activities/templatetags/test_activity_tags.py b/tests/activities/templatetags/test_activity_tags.py
new file mode 100644
index 0000000..987c008
--- /dev/null
+++ b/tests/activities/templatetags/test_activity_tags.py
@@ -0,0 +1,21 @@
+from datetime import timedelta
+
+from django.utils import timezone
+
+from activities.templatetags.activity_tags import timedeltashort
+
+
+def test_timedeltashort_regress():
+ assert timedeltashort(None) == ""
+ assert timedeltashort("") == ""
+
+ value = timezone.now()
+
+ assert timedeltashort(value) == "0s"
+ assert timedeltashort(value - timedelta(seconds=2)) == "2s"
+ assert timedeltashort(value - timedelta(minutes=2)) == "2m"
+ assert timedeltashort(value - timedelta(hours=2)) == "2h"
+ assert timedeltashort(value - timedelta(days=2)) == "2d"
+ assert timedeltashort(value - timedelta(days=364)) == "364d"
+ assert timedeltashort(value - timedelta(days=365)) == "1y"
+ assert timedeltashort(value - timedelta(days=366)) == "1y"
diff --git a/tests/conftest.py b/tests/conftest.py
new file mode 100644
index 0000000..79bdf60
--- /dev/null
+++ b/tests/conftest.py
@@ -0,0 +1,59 @@
+import pytest
+
+from core.models import Config
+
+
+@pytest.fixture
+def keypair():
+ """
+ Testing-only keypair
+ """
+ return {
+ "private_key": """-----BEGIN PRIVATE KEY-----
+MIIEvAIBADANBgkqhkiG9w0BAQEFAASCBKYwggSiAgEAAoIBAQCzNJa9JIxQpOtQ
+z8UQKXDPREF9DyBliGu3uPWo6DMnkOm7hoh2+nOryrWDqWOFaVK//n7kltHXUEbm
+U3exh0/0iWfzx2AbNrI04csAvW/hRvHbHBnVTotSxzqTd3ESkpcSW4xVuz9aCcFR
+kW3unSCO3fF0Lh8Jsy9N/CT6oTnwG+ZpeGvHVbh9xfR5Ww6zA7z8A6B17hbzdMd/
+3qUPijyIb5se4cWVtGg/ZJ0X1syn9u9kpwUjhHlyWH/esMRHxPuW49BPZPhhKs1+
+t//4xgZcRX515qFqPS2EtYgZAfh7M3TRv8uCSzL4TT+8ka9IUwKdV6TFaqH27bAG
+KyJQfGaTAgMBAAECggEALZY5qFjlRtiFMfQApdlc5KTw4d7Yt2tqN3zaJUMYTD7d
+boJNMbMJfNCetyT+d6Aw2D1ly0GglNzLhGkEQElzKfpQUt/Lj3CtCa3Mpd4K2Wxi
+NwJhgfUulPqwaHYQchCPVLCsNNziw0VLA7Rymionb6B+/TaEV8PYy0ZSo90ir3UD
+CL5t+IWgIPiy6pk1wGOmeB+tU4+V7/hFel+vPFNahafqVhLE311dfx2aOfweAEfN
+e4JoPeJP1/fB+BVZMyVSAraKz6wheymBBNKKn/vpFsdd6it2AP4UZeFp6ma9wT9t
+nk65IpHg1MBxazQd7621GrPH+ZnhMg62H/FEj6rIDQKBgQC1w1fEbk+zjI54DXU8
+FAe5cJbZS89fMP5CtzlWKzTzfdaavT+5cUYp3XAv37tSGsqYAXxY+4bHGa+qdCQO
+I41cmylWGNX2e29/p2BspDPM6YQ0Z21MxFRBTWvHFrhd0bF1cXKBKPttdkKvzOEP
+6uNy+/QtRNn9xF/ZjaMHcyPPTQKBgQD8ZdOmZ3TMsYJchAjjseN8S+Objw2oZzmK
+6I1ULJBz3DWiyCUfir+pMjSH4fsAf9zrHkiM7xUgMByTukVRt16BrT7TlEBanAxc
+/AKdNB3f0pza829LCz1lMAUn+ngZLTmRR+1rQFXqTjhB+0peJzKiMli+9BBhL9Ry
+jMeTuLHdXwKBgGiz9kL5KIBNX2RYnEfXYfu4l6zktrgnCNB1q1mv2fjJbG4GxkaU
+sc47+Pwa7VUGid22PWMkwSa/7SlLbdmXMT8/QjiOZfJueHQYfrsWe6B2g+mMCrJG
+BiL37jXpKJsiyA7XIxaz/OG5VgDfDGaW8B60dJv/JXPBQ1WW+Wq5MM+hAoGAAUdS
+xykHAnJzwpw4n06rZFnOEV+sJgo/1GBRNvfy02NuMiDpbzt4tRa4BWgzqVD8gYRp
+wa0EYmFcA7OR3lQbenSyOMgre0oHFgGA0eMNs7CRctqA2dR4vyZ7IDS4nwgHnqDK
+pxxwUvuKdWsceVWhgAjZQj5iRtvDK8Fi0XDCFekCgYALTU1v5iMIpaRAe+eyA2B1
+42qm4B/uhXznvOu2YXU6iJFmMgHGYgpa+Dq8uUjKtpn/LIFeX1KN0hH8z/0LW3gB
+e7tN7taW0oLK3RQcEMfkZ7diE9x3LGqo/xMxsZMtxAr88p5eMEU/nxxznOqq+W9b
+qxRbXYzEtHz+cW9+FZkyVw==
+-----END PRIVATE KEY-----""",
+ "public_key": """-----BEGIN PUBLIC KEY-----
+MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAszSWvSSMUKTrUM/FEClw
+z0RBfQ8gZYhrt7j1qOgzJ5Dpu4aIdvpzq8q1g6ljhWlSv/5+5JbR11BG5lN3sYdP
+9Iln88dgGzayNOHLAL1v4Ubx2xwZ1U6LUsc6k3dxEpKXEluMVbs/WgnBUZFt7p0g
+jt3xdC4fCbMvTfwk+qE58BvmaXhrx1W4fcX0eVsOswO8/AOgde4W83THf96lD4o8
+iG+bHuHFlbRoP2SdF9bMp/bvZKcFI4R5clh/3rDER8T7luPQT2T4YSrNfrf/+MYG
+XEV+deahaj0thLWIGQH4ezN00b/Lgksy+E0/vJGvSFMCnVekxWqh9u2wBisiUHxm
+kwIDAQAB
+-----END PUBLIC KEY-----""",
+ "public_key_id": "https://example.com/test-actor#test-key",
+ }
+
+
+@pytest.fixture
+def config_system(keypair):
+ Config.system = Config.SystemOptions(
+ system_actor_private_key=keypair["private_key"],
+ system_actor_public_key=keypair["public_key"],
+ )
+ yield Config.system
diff --git a/tests/core/test_signatures.py b/tests/core/test_signatures.py
new file mode 100644
index 0000000..f15e090
--- /dev/null
+++ b/tests/core/test_signatures.py
@@ -0,0 +1,114 @@
+import pytest
+from asgiref.sync import async_to_sync
+from django.test.client import RequestFactory
+from pytest_httpx import HTTPXMock
+
+from core.signatures import HttpSignature, LDSignature, VerificationError
+
+
+def test_sign_ld(keypair):
+ """
+ Tests signing JSON-LD documents by round-tripping them through the
+ verifier.
+ """
+ # Create the signature
+ document = {
+ "id": "https://example.com/test-create",
+ "type": "Create",
+ "actor": "https://example.com/test-actor",
+ "object": {
+ "id": "https://example.com/test-object",
+ "type": "Note",
+ },
+ }
+ signature_section = LDSignature.create_signature(
+ document,
+ keypair["private_key"],
+ keypair["public_key_id"],
+ )
+ # Check it and assign it to the document
+ assert "signatureValue" in signature_section
+ assert signature_section["type"] == "RsaSignature2017"
+ document["signature"] = signature_section
+ # Now verify it ourselves
+ LDSignature.verify_signature(document, keypair["public_key"])
+
+
+def test_verifying_ld(keypair):
+ """
+ Tests verifying JSON-LD signatures from a known-good document
+ """
+ document = {
+ "id": "https://example.com/test-create",
+ "type": "Create",
+ "actor": "https://example.com/test-actor",
+ "object": {"id": "https://example.com/test-object", "type": "Note"},
+ "signature": {
+ "@context": "https://w3id.org/identity/v1",
+ "creator": "https://example.com/test-actor#test-key",
+ "created": "2022-11-12T21:41:47Z",
+ "signatureValue": "nTHfkHqG4hegfnjpHucXtXDLDaIKi2Duk+NeCzqTtkjf4NneXsofbZY2tGew4uAooEe1UeM23PIyjWYnR16KwcD4YY8nMj8L3xY2czwQPScMM9n+KhSHzkWfX+iI4FWKbjpPI8M53EtTRJU+1qEjjmGUx03Ip0vfvT5821etIgvY4wLNhg3y7R8fevnNux+BeytcEV6gM4awJJ6RK0xrWGLyTgDNon5V5aNUjwcV/UVPy9UAQi1KYWtA74/F0Y4oPzL5CTudPpyiViyVHZQaal4r+ExzgSvGztqKxQeT1ya6gLXxbm1YQ+8UiGVSS8zoGhMFDEZWVsRPv7e0jm5wfA==",
+ "type": "RsaSignature2017",
+ },
+ }
+ # Ensure it verifies with correct data
+ LDSignature.verify_signature(document, keypair["public_key"])
+ # Mutate it slightly and ensure it does not verify
+ with pytest.raises(VerificationError):
+ document["actor"] = "https://example.com/evil-actor"
+ LDSignature.verify_signature(document, keypair["public_key"])
+
+
+def test_sign_http(httpx_mock: HTTPXMock, keypair):
+ """
+ Tests signing HTTP requests by round-tripping them through our verifier
+ """
+ # Create document
+ document = {
+ "id": "https://example.com/test-create",
+ "type": "Create",
+ "actor": "https://example.com/test-actor",
+ "object": {
+ "id": "https://example.com/test-object",
+ "type": "Note",
+ },
+ }
+ # Send the signed request to the mock library
+ httpx_mock.add_response()
+ async_to_sync(HttpSignature.signed_request)(
+ uri="https://example.com/test-actor",
+ body=document,
+ private_key=keypair["private_key"],
+ key_id=keypair["public_key_id"],
+ )
+ # Retrieve it and construct a fake request object
+ outbound_request = httpx_mock.get_request()
+ fake_request = RequestFactory().post(
+ path="/test-actor",
+ data=outbound_request.content,
+ content_type=outbound_request.headers["content-type"],
+ HTTP_HOST="example.com",
+ HTTP_DATE=outbound_request.headers["date"],
+ HTTP_SIGNATURE=outbound_request.headers["signature"],
+ HTTP_DIGEST=outbound_request.headers["digest"],
+ )
+ # Verify that
+ HttpSignature.verify_request(fake_request, keypair["public_key"])
+
+
+def test_verify_http(keypair):
+ """
+ Tests verifying HTTP requests against a known good example
+ """
+ # Make our predictable request
+ fake_request = RequestFactory().post(
+ path="/test-actor",
+ data=b'{"id": "https://example.com/test-create", "type": "Create", "actor": "https://example.com/test-actor", "object": {"id": "https://example.com/test-object", "type": "Note"}}',
+ content_type="application/json",
+ HTTP_HOST="example.com",
+ HTTP_DATE="Sat, 12 Nov 2022 21:57:18 GMT",
+ HTTP_SIGNATURE='keyId="https://example.com/test-actor#test-key",headers="(request-target) host date digest content-type",signature="IRduYoDJIh90mprjUgOIdxY1iaBWHs5ou9vsDlcmSekg6DXMZTiXjmZxbNIrnpEbNFu3wTcqz1nv9H97Gp7orbYMuHm6j2ecxsvzSr37T9jxBbt3Ov3xSfuYWwhv6PuTWNxHtUQWNuAIc3wHDAQt8Flnak/uHe7swoAq4uHq2kt18iMW6CEV9XA5ESFho2HSUgRaifoNxJlIWbHYPJiP0t9aktgGBkpQoZ8ulOj3Ew4RwC1lwk9kzWiLIjU4tSAie8RbIy2g0aUvA1tQh9Uge1by3o7+349SL5iooj+B6WSCEvvjEl52wo3xoEQmv0ptYuSPLUgB9tP8q7DoHEc8Dw==",algorithm="rsa-sha256"',
+ HTTP_DIGEST="SHA-256=07sIbQ3GlOHWMbFMNajtPNtmUQXXu20UuvrIYLlI3kc=",
+ )
+ # Verify that
+ HttpSignature.verify_request(fake_request, keypair["public_key"], skip_date=True)
diff --git a/tests/users/models/test_identity.py b/tests/users/models/test_identity.py
new file mode 100644
index 0000000..13c08f0
--- /dev/null
+++ b/tests/users/models/test_identity.py
@@ -0,0 +1,178 @@
+import pytest
+from asgiref.sync import async_to_sync
+
+from core.models import Config
+from users.models import Domain, Identity, User
+from users.views.identity import CreateIdentity
+
+
+@pytest.mark.django_db
+def test_create_identity_form(config_system, client):
+ """ """
+ # Make a user
+ user = User.objects.create(email="test@example.com")
+ admin = User.objects.create(email="admin@example.com", admin=True)
+ # Make a domain
+ domain = Domain.objects.create(domain="example.com", local=True)
+ domain.users.add(user)
+ domain.users.add(admin)
+
+ # Test identity_min_length
+ data = {
+ "username": "a",
+ "domain": domain.domain,
+ "name": "The User",
+ }
+
+ form = CreateIdentity.form_class(user=user, data=data)
+ assert not form.is_valid()
+ assert "username" in form.errors
+ assert "value has at least" in form.errors["username"][0]
+
+ form = CreateIdentity.form_class(user=admin, data=data)
+ assert form.errors == {}
+
+ # Test restricted_usernames
+ data = {
+ "username": "@root",
+ "domain": domain.domain,
+ "name": "The User",
+ }
+
+ form = CreateIdentity.form_class(user=user, data=data)
+ assert not form.is_valid()
+ assert "username" in form.errors
+ assert "restricted to administrators" in form.errors["username"][0]
+
+ form = CreateIdentity.form_class(user=admin, data=data)
+ assert form.errors == {}
+
+ # Test valid chars
+ data = {
+ "username": "@someval!!!!",
+ "domain": domain.domain,
+ "name": "The User",
+ }
+
+ for u in (user, admin):
+ form = CreateIdentity.form_class(user=u, data=data)
+ assert not form.is_valid()
+ assert "username" in form.errors
+ assert form.errors["username"][0].startswith("Only the letters")
+
+
+@pytest.mark.django_db
+def test_identity_max_per_user(config_system, client):
+ """
+ Ensures that the identity limit is functioning
+ """
+ # Make a user
+ user = User.objects.create(email="test@example.com")
+ # Make a domain
+ domain = Domain.objects.create(domain="example.com", local=True)
+ domain.users.add(user)
+ # Make an identity for them
+ for i in range(Config.system.identity_max_per_user):
+ identity = Identity.objects.create(
+ actor_uri=f"https://example.com/@test{i}@example.com/actor/",
+ username=f"test{i}",
+ domain=domain,
+ name=f"Test User{i}",
+ local=True,
+ )
+ identity.users.add(user)
+
+ data = {
+ "username": "toomany",
+ "domain": domain.domain,
+ "name": "Too Many",
+ }
+ form = CreateIdentity.form_class(user=user, data=data)
+ assert form.errors["__all__"][0].startswith("You are not allowed more than")
+
+ user.admin = True
+ form = CreateIdentity.form_class(user=user, data=data)
+ assert form.is_valid()
+
+
+@pytest.mark.django_db
+def test_fetch_actor(httpx_mock, config_system):
+ """
+ Ensures that making identities via actor fetching works
+ """
+ # Make a shell remote identity
+ identity = Identity.objects.create(
+ actor_uri="https://example.com/test-actor/",
+ local=False,
+ )
+
+ # Trigger actor fetch
+ httpx_mock.add_response(
+ url="https://example.com/.well-known/webfinger?resource=acct:test@example.com",
+ json={
+ "subject": "acct:test@example.com",
+ "aliases": [
+ "https://example.com/test-actor/",
+ ],
+ "links": [
+ {
+ "rel": "http://webfinger.net/rel/profile-page",
+ "type": "text/html",
+ "href": "https://example.com/test-actor/",
+ },
+ {
+ "rel": "self",
+ "type": "application/activity+json",
+ "href": "https://example.com/test-actor/",
+ },
+ ],
+ },
+ )
+ httpx_mock.add_response(
+ url="https://example.com/test-actor/",
+ json={
+ "@context": [
+ "https://www.w3.org/ns/activitystreams",
+ "https://w3id.org/security/v1",
+ ],
+ "id": "https://example.com/test-actor/",
+ "type": "Person",
+ "inbox": "https://example.com/test-actor/inbox/",
+ "publicKey": {
+ "id": "https://example.com/test-actor/#main-key",
+ "owner": "https://example.com/test-actor/",
+ "publicKeyPem": "-----BEGIN PUBLIC KEY-----\nits-a-faaaake\n-----END PUBLIC KEY-----\n",
+ },
+ "followers": "https://example.com/test-actor/followers/",
+ "following": "https://example.com/test-actor/following/",
+ "icon": {
+ "type": "Image",
+ "mediaType": "image/jpeg",
+ "url": "https://example.com/icon.jpg",
+ },
+ "image": {
+ "type": "Image",
+ "mediaType": "image/jpeg",
+ "url": "https://example.com/image.jpg",
+ },
+ "as:manuallyApprovesFollowers": False,
+ "name": "Test User",
+ "preferredUsername": "test",
+ "published": "2022-11-02T00:00:00Z",
+ "summary": "A test user
",
+ "url": "https://example.com/test-actor/view/",
+ },
+ )
+ async_to_sync(identity.fetch_actor)()
+
+ # Verify the data arrived
+ identity = Identity.objects.get(pk=identity.pk)
+ assert identity.name == "Test User"
+ assert identity.username == "test"
+ assert identity.domain_id == "example.com"
+ assert identity.profile_uri == "https://example.com/test-actor/view/"
+ assert identity.inbox_uri == "https://example.com/test-actor/inbox/"
+ assert identity.icon_uri == "https://example.com/icon.jpg"
+ assert identity.image_uri == "https://example.com/image.jpg"
+ assert identity.summary == "A test user
"
+ assert "ts-a-faaaake" in identity.public_key
diff --git a/tests/users/views/test_activitypub.py b/tests/users/views/test_activitypub.py
new file mode 100644
index 0000000..72ab8c3
--- /dev/null
+++ b/tests/users/views/test_activitypub.py
@@ -0,0 +1,31 @@
+import pytest
+
+from users.models import Domain, Identity, User
+
+
+@pytest.mark.django_db
+def test_webfinger_actor(client):
+ """
+ Ensures the webfinger and actor URLs are working properly
+ """
+ # Make a user
+ user = User.objects.create(email="test@example.com")
+ # Make a domain
+ domain = Domain.objects.create(domain="example.com", local=True)
+ domain.users.add(user)
+ # Make an identity for them
+ identity = Identity.objects.create(
+ actor_uri="https://example.com/@test@example.com/",
+ username="test",
+ domain=domain,
+ name="Test User",
+ local=True,
+ )
+ identity.generate_keypair()
+ # Fetch their webfinger
+ data = client.get("/.well-known/webfinger?resource=acct:test@example.com").json()
+ assert data["subject"] == "acct:test@example.com"
+ assert data["aliases"][0] == "https://example.com/@test/"
+ # Fetch their actor
+ data = client.get("/@test@example.com/", HTTP_ACCEPT="application/ld+json").json()
+ assert data["id"] == "https://example.com/@test@example.com/"
diff --git a/tests/users/views/test_auth.py b/tests/users/views/test_auth.py
new file mode 100644
index 0000000..22e1fb6
--- /dev/null
+++ b/tests/users/views/test_auth.py
@@ -0,0 +1,59 @@
+import mock
+import pytest
+
+from core.models import Config
+from users.models import User
+
+
+@pytest.fixture
+def config_system():
+ # TODO: Good enough for now, but a better Config mocking system is needed
+ result = Config.load_system()
+ with mock.patch("core.models.Config.load_system", return_value=result):
+ yield result
+
+
+@pytest.mark.django_db
+def test_signup_disabled(client, config_system):
+ # Signup disabled and no signup text
+ config_system.signup_allowed = False
+ resp = client.get("/auth/signup/")
+ assert resp.status_code == 200
+ content = str(resp.content)
+ assert "Not accepting new users at this time" in content
+ assert "" not in content
+
+ # Signup disabled with signup text configured
+ config_system.signup_text = "Go away!!!!!!"
+ resp = client.get("/auth/signup/")
+ assert resp.status_code == 200
+ content = str(resp.content)
+ assert "Go away!!!!!!" in content
+
+ # Ensure direct POST doesn't side step guard
+ resp = client.post(
+ "/auth/signup/", data={"email": "test_signup_disabled@example.org"}
+ )
+ assert resp.status_code == 200
+ assert not User.objects.filter(email="test_signup_disabled@example.org").exists()
+
+ # Signup enabled
+ config_system.signup_allowed = True
+ resp = client.get("/auth/signup/")
+ assert resp.status_code == 200
+ content = str(resp.content)
+ assert "Not accepting new users at this time" not in content
+ assert "" in content
+
+
+@pytest.mark.django_db
+def test_signup_invite_only(client, config_system):
+ config_system.signup_allowed = True
+ config_system.signup_invite_only = True
+
+ resp = client.get("/auth/signup/")
+ assert resp.status_code == 200
+ content = str(resp.content)
+ assert 'name="invite_code"' in content
+
+ # TODO: Actually test this
--
cgit v1.2.3