diff --git a/internal/api/s2s/user/repliesget_test.go b/internal/api/s2s/user/repliesget_test.go index a785b2cff..ccd2eb4f6 100644 --- a/internal/api/s2s/user/repliesget_test.go +++ b/internal/api/s2s/user/repliesget_test.go @@ -15,7 +15,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/api/s2s/user" - "github.com/superseriousbusiness/gotosocial/internal/api/security" "github.com/superseriousbusiness/gotosocial/testrig" ) @@ -23,35 +22,6 @@ type RepliesGetTestSuite struct { UserStandardTestSuite } -func (suite *RepliesGetTestSuite) SetupSuite() { - suite.testTokens = testrig.NewTestTokens() - suite.testClients = testrig.NewTestClients() - suite.testApplications = testrig.NewTestApplications() - suite.testUsers = testrig.NewTestUsers() - suite.testAccounts = testrig.NewTestAccounts() - suite.testAttachments = testrig.NewTestAttachments() - suite.testStatuses = testrig.NewTestStatuses() -} - -func (suite *RepliesGetTestSuite) SetupTest() { - suite.config = testrig.NewTestConfig() - suite.db = testrig.NewTestDB() - suite.tc = testrig.NewTestTypeConverter(suite.db) - suite.storage = testrig.NewTestStorage() - suite.log = testrig.NewTestLog() - suite.federator = testrig.NewTestFederator(suite.db, testrig.NewTestTransportController(testrig.NewMockHTTPClient(nil), suite.db), suite.storage) - suite.processor = testrig.NewTestProcessor(suite.db, suite.storage, suite.federator) - suite.userModule = user.New(suite.config, suite.processor, suite.log).(*user.Module) - suite.securityModule = security.New(suite.config, suite.db, suite.log).(*security.Module) - testrig.StandardDBSetup(suite.db, suite.testAccounts) - testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media") -} - -func (suite *RepliesGetTestSuite) TearDownTest() { - testrig.StandardDBTeardown(suite.db) - testrig.StandardStorageTeardown(suite.storage) -} - func (suite *RepliesGetTestSuite) TestGetReplies() { // the dereference we're gonna use derefRequests := testrig.NewTestDereferenceRequests(suite.testAccounts) diff --git a/internal/api/s2s/user/user_test.go b/internal/api/s2s/user/user_test.go index 269ca4bab..768dd941b 100644 --- a/internal/api/s2s/user/user_test.go +++ b/internal/api/s2s/user/user_test.go @@ -12,9 +12,9 @@ import ( "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" "github.com/superseriousbusiness/gotosocial/internal/processing" "github.com/superseriousbusiness/gotosocial/internal/typeutils" + "github.com/superseriousbusiness/gotosocial/testrig" ) -// nolint type UserStandardTestSuite struct { // standard suite interfaces suite.Suite @@ -39,3 +39,32 @@ type UserStandardTestSuite struct { // module being tested userModule *user.Module } + +func (suite *UserStandardTestSuite) SetupSuite() { + suite.testTokens = testrig.NewTestTokens() + suite.testClients = testrig.NewTestClients() + suite.testApplications = testrig.NewTestApplications() + suite.testUsers = testrig.NewTestUsers() + suite.testAccounts = testrig.NewTestAccounts() + suite.testAttachments = testrig.NewTestAttachments() + suite.testStatuses = testrig.NewTestStatuses() +} + +func (suite *UserStandardTestSuite) SetupTest() { + suite.config = testrig.NewTestConfig() + suite.db = testrig.NewTestDB() + suite.tc = testrig.NewTestTypeConverter(suite.db) + suite.storage = testrig.NewTestStorage() + suite.log = testrig.NewTestLog() + suite.federator = testrig.NewTestFederator(suite.db, testrig.NewTestTransportController(testrig.NewMockHTTPClient(nil), suite.db), suite.storage) + suite.processor = testrig.NewTestProcessor(suite.db, suite.storage, suite.federator) + suite.userModule = user.New(suite.config, suite.processor, suite.log).(*user.Module) + suite.securityModule = security.New(suite.config, suite.db, suite.log).(*security.Module) + testrig.StandardDBSetup(suite.db, suite.testAccounts) + testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media") +} + +func (suite *UserStandardTestSuite) TearDownTest() { + testrig.StandardDBTeardown(suite.db) + testrig.StandardStorageTeardown(suite.storage) +} diff --git a/internal/api/s2s/user/userget_test.go b/internal/api/s2s/user/userget_test.go index 29cc0e0d8..bcf53daa9 100644 --- a/internal/api/s2s/user/userget_test.go +++ b/internal/api/s2s/user/userget_test.go @@ -14,7 +14,6 @@ import ( "github.com/stretchr/testify/assert" "github.com/stretchr/testify/suite" "github.com/superseriousbusiness/gotosocial/internal/api/s2s/user" - "github.com/superseriousbusiness/gotosocial/internal/api/security" "github.com/superseriousbusiness/gotosocial/testrig" ) @@ -22,35 +21,6 @@ type UserGetTestSuite struct { UserStandardTestSuite } -func (suite *UserGetTestSuite) SetupSuite() { - suite.testTokens = testrig.NewTestTokens() - suite.testClients = testrig.NewTestClients() - suite.testApplications = testrig.NewTestApplications() - suite.testUsers = testrig.NewTestUsers() - suite.testAccounts = testrig.NewTestAccounts() - suite.testAttachments = testrig.NewTestAttachments() - suite.testStatuses = testrig.NewTestStatuses() -} - -func (suite *UserGetTestSuite) SetupTest() { - suite.config = testrig.NewTestConfig() - suite.db = testrig.NewTestDB() - suite.tc = testrig.NewTestTypeConverter(suite.db) - suite.storage = testrig.NewTestStorage() - suite.log = testrig.NewTestLog() - suite.federator = testrig.NewTestFederator(suite.db, testrig.NewTestTransportController(testrig.NewMockHTTPClient(nil), suite.db), suite.storage) - suite.processor = testrig.NewTestProcessor(suite.db, suite.storage, suite.federator) - suite.userModule = user.New(suite.config, suite.processor, suite.log).(*user.Module) - suite.securityModule = security.New(suite.config, suite.db, suite.log).(*security.Module) - testrig.StandardDBSetup(suite.db, suite.testAccounts) - testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media") -} - -func (suite *UserGetTestSuite) TearDownTest() { - testrig.StandardDBTeardown(suite.db) - testrig.StandardStorageTeardown(suite.storage) -} - func (suite *UserGetTestSuite) TestGetUser() { // the dereference we're gonna use derefRequests := testrig.NewTestDereferenceRequests(suite.testAccounts) diff --git a/internal/api/s2s/webfinger/webfinger_test.go b/internal/api/s2s/webfinger/webfinger_test.go new file mode 100644 index 000000000..5c8dfd2f6 --- /dev/null +++ b/internal/api/s2s/webfinger/webfinger_test.go @@ -0,0 +1,124 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package webfinger_test + +import ( + "crypto/rand" + "crypto/rsa" + "time" + + "git.iim.gay/grufwub/go-store/kv" + "github.com/sirupsen/logrus" + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/ap" + "github.com/superseriousbusiness/gotosocial/internal/api/s2s/webfinger" + "github.com/superseriousbusiness/gotosocial/internal/api/security" + "github.com/superseriousbusiness/gotosocial/internal/config" + "github.com/superseriousbusiness/gotosocial/internal/db" + "github.com/superseriousbusiness/gotosocial/internal/federation" + "github.com/superseriousbusiness/gotosocial/internal/gtsmodel" + "github.com/superseriousbusiness/gotosocial/internal/processing" + "github.com/superseriousbusiness/gotosocial/internal/typeutils" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +type WebfingerStandardTestSuite struct { + // standard suite interfaces + suite.Suite + config *config.Config + db db.DB + log *logrus.Logger + tc typeutils.TypeConverter + federator federation.Federator + processor processing.Processor + storage *kv.KVStore + securityModule *security.Module + + // standard suite models + testTokens map[string]*gtsmodel.Token + testClients map[string]*gtsmodel.Client + testApplications map[string]*gtsmodel.Application + testUsers map[string]*gtsmodel.User + testAccounts map[string]*gtsmodel.Account + testAttachments map[string]*gtsmodel.MediaAttachment + testStatuses map[string]*gtsmodel.Status + + // module being tested + webfingerModule *webfinger.Module +} + +func (suite *WebfingerStandardTestSuite) SetupSuite() { + suite.testTokens = testrig.NewTestTokens() + suite.testClients = testrig.NewTestClients() + suite.testApplications = testrig.NewTestApplications() + suite.testUsers = testrig.NewTestUsers() + suite.testAccounts = testrig.NewTestAccounts() + suite.testAttachments = testrig.NewTestAttachments() + suite.testStatuses = testrig.NewTestStatuses() +} + +func (suite *WebfingerStandardTestSuite) SetupTest() { + suite.config = testrig.NewTestConfig() + suite.db = testrig.NewTestDB() + suite.tc = testrig.NewTestTypeConverter(suite.db) + suite.storage = testrig.NewTestStorage() + suite.log = testrig.NewTestLog() + suite.federator = testrig.NewTestFederator(suite.db, testrig.NewTestTransportController(testrig.NewMockHTTPClient(nil), suite.db), suite.storage) + suite.processor = testrig.NewTestProcessor(suite.db, suite.storage, suite.federator) + suite.webfingerModule = webfinger.New(suite.config, suite.processor, suite.log).(*webfinger.Module) + suite.securityModule = security.New(suite.config, suite.db, suite.log).(*security.Module) + testrig.StandardDBSetup(suite.db, suite.testAccounts) + testrig.StandardStorageSetup(suite.storage, "../../../../testrig/media") +} + +func (suite *WebfingerStandardTestSuite) TearDownTest() { + testrig.StandardDBTeardown(suite.db) + testrig.StandardStorageTeardown(suite.storage) +} + +func accountDomainAccount() *gtsmodel.Account { + privateKey, err := rsa.GenerateKey(rand.Reader, 2048) + if err != nil { + panic(err) + } + publicKey := &privateKey.PublicKey + + acct := >smodel.Account{ + ID: "01FG1K8EA7SYHEC7V6XKVNC4ZA", + CreatedAt: time.Now(), + UpdatedAt: time.Now(), + Username: "aaaaa", + Domain: "", + Privacy: gtsmodel.VisibilityDefault, + Language: "en", + URI: "http://gts.example.org/users/aaaaa", + URL: "http://gts.example.org/@aaaaa", + InboxURI: "http://gts.example.org/users/aaaaa/inbox", + OutboxURI: "http://gts.example.org/users/aaaaa/outbox", + FollowingURI: "http://gts.example.org/users/aaaaa/following", + FollowersURI: "http://gts.example.org/users/aaaaa/followers", + FeaturedCollectionURI: "http://gts.example.org/users/aaaaa/collections/featured", + ActorType: ap.ActorPerson, + PrivateKey: privateKey, + PublicKey: publicKey, + PublicKeyURI: "http://gts.example.org/users/aaaaa/main-key", + } + + return acct +} diff --git a/internal/api/s2s/webfinger/webfingerget.go b/internal/api/s2s/webfinger/webfingerget.go index ee3176413..01e5e8e8a 100644 --- a/internal/api/s2s/webfinger/webfingerget.go +++ b/internal/api/s2s/webfinger/webfingerget.go @@ -43,19 +43,21 @@ func (m *Module) WebfingerGETRequest(c *gin.Context) { return } - withAcct := strings.Split(q, "acct:") - if len(withAcct) != 2 { - l.Debugf("aborting request because resource query %s could not be split by 'acct:'", q) + // remove the acct: prefix if it's present + trimAcct := strings.TrimPrefix(q, "acct:") + // remove the first @ in @whatever@example.org if it's present + namestring := strings.TrimPrefix(trimAcct, "@") + + // at this point we should have a string like some_user@example.org + l.Debugf("got finger request for '%s'", namestring) + + usernameAndAccountDomain := strings.Split(namestring, "@") + if len(usernameAndAccountDomain) != 2 { + l.Debugf("aborting request because username and domain could not be parsed from %s", namestring) c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"}) return } - usernameAndAccountDomain := strings.Split(withAcct[1], "@") - if len(usernameAndAccountDomain) != 2 { - l.Debugf("aborting request because username and domain could not be parsed from %s", withAcct[1]) - c.JSON(http.StatusBadRequest, gin.H{"error": "bad request"}) - return - } username := strings.ToLower(usernameAndAccountDomain[0]) accountDomain := strings.ToLower(usernameAndAccountDomain[1]) if username == "" || accountDomain == "" { @@ -77,7 +79,7 @@ func (m *Module) WebfingerGETRequest(c *gin.Context) { ctx = context.WithValue(ctx, util.APRequestingPublicKeyVerifier, verifier) } - resp, err := m.processor.GetWebfingerAccount(ctx, username, c.Request.URL) + resp, err := m.processor.GetWebfingerAccount(ctx, username) if err != nil { l.Debugf("aborting request with an error: %s", err.Error()) c.JSON(err.Code(), gin.H{"error": err.Safe()}) diff --git a/internal/api/s2s/webfinger/webfingerget_test.go b/internal/api/s2s/webfinger/webfingerget_test.go new file mode 100644 index 000000000..b5de5d887 --- /dev/null +++ b/internal/api/s2s/webfinger/webfingerget_test.go @@ -0,0 +1,155 @@ +/* + GoToSocial + Copyright (C) 2021 GoToSocial Authors admin@gotosocial.org + + This program is free software: you can redistribute it and/or modify + it under the terms of the GNU Affero General Public License as published by + the Free Software Foundation, either version 3 of the License, or + (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the + GNU Affero General Public License for more details. + + You should have received a copy of the GNU Affero General Public License + along with this program. If not, see . +*/ + +package webfinger_test + +import ( + "context" + "fmt" + "io/ioutil" + "net/http" + "net/http/httptest" + "testing" + + "github.com/gin-gonic/gin" + "github.com/stretchr/testify/assert" + "github.com/stretchr/testify/suite" + "github.com/superseriousbusiness/gotosocial/internal/api/s2s/webfinger" + "github.com/superseriousbusiness/gotosocial/internal/processing" + "github.com/superseriousbusiness/gotosocial/testrig" +) + +type WebfingerGetTestSuite struct { + WebfingerStandardTestSuite +} + +func (suite *WebfingerGetTestSuite) TestFingerUser() { + targetAccount := suite.testAccounts["local_account_1"] + + // setup request + requestPath := fmt.Sprintf("/%s?resource=acct:%s@%s", webfinger.WebfingerBasePath, targetAccount.Username, suite.config.Host) + + recorder := httptest.NewRecorder() + ctx, _ := gin.CreateTestContext(recorder) + ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting + + // trigger the function being tested + suite.webfingerModule.WebfingerGETRequest(ctx) + + // check response + suite.EqualValues(http.StatusOK, recorder.Code) + + result := recorder.Result() + defer result.Body.Close() + b, err := ioutil.ReadAll(result.Body) + assert.NoError(suite.T(), err) + + suite.Equal(`{"subject":"acct:the_mighty_zork@localhost:8080","aliases":["http://localhost:8080/users/the_mighty_zork","http://localhost:8080/@the_mighty_zork"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"http://localhost:8080/@the_mighty_zork"},{"rel":"self","type":"application/activity+json","href":"http://localhost:8080/users/the_mighty_zork"}]}`, string(b)) +} + +func (suite *WebfingerGetTestSuite) TestFingerUserWithDifferentAccountDomainByHost() { + suite.config.Host = "gts.example.org" + suite.config.AccountDomain = "example.org" + suite.processor = processing.NewProcessor(suite.config, suite.tc, suite.federator, testrig.NewTestOauthServer(suite.db), testrig.NewTestMediaHandler(suite.db, suite.storage), suite.storage, testrig.NewTestTimelineManager(suite.db), suite.db, suite.log) + suite.webfingerModule = webfinger.New(suite.config, suite.processor, suite.log).(*webfinger.Module) + + targetAccount := accountDomainAccount() + if err := suite.db.Put(context.Background(), targetAccount); err != nil { + panic(err) + } + + // setup request + requestPath := fmt.Sprintf("/%s?resource=acct:%s@%s", webfinger.WebfingerBasePath, targetAccount.Username, suite.config.Host) + + recorder := httptest.NewRecorder() + ctx, _ := gin.CreateTestContext(recorder) + ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting + + // trigger the function being tested + suite.webfingerModule.WebfingerGETRequest(ctx) + + // check response + suite.EqualValues(http.StatusOK, recorder.Code) + + result := recorder.Result() + defer result.Body.Close() + b, err := ioutil.ReadAll(result.Body) + assert.NoError(suite.T(), err) + + suite.Equal(`{"subject":"acct:aaaaa@example.org","aliases":["http://gts.example.org/users/aaaaa","http://gts.example.org/@aaaaa"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"http://gts.example.org/@aaaaa"},{"rel":"self","type":"application/activity+json","href":"http://gts.example.org/users/aaaaa"}]}`, string(b)) +} + +func (suite *WebfingerGetTestSuite) TestFingerUserWithDifferentAccountDomainByAccountDomain() { + suite.config.Host = "gts.example.org" + suite.config.AccountDomain = "example.org" + suite.processor = processing.NewProcessor(suite.config, suite.tc, suite.federator, testrig.NewTestOauthServer(suite.db), testrig.NewTestMediaHandler(suite.db, suite.storage), suite.storage, testrig.NewTestTimelineManager(suite.db), suite.db, suite.log) + suite.webfingerModule = webfinger.New(suite.config, suite.processor, suite.log).(*webfinger.Module) + + targetAccount := accountDomainAccount() + if err := suite.db.Put(context.Background(), targetAccount); err != nil { + panic(err) + } + + // setup request + requestPath := fmt.Sprintf("/%s?resource=acct:%s@%s", webfinger.WebfingerBasePath, targetAccount.Username, suite.config.AccountDomain) + + recorder := httptest.NewRecorder() + ctx, _ := gin.CreateTestContext(recorder) + ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting + + // trigger the function being tested + suite.webfingerModule.WebfingerGETRequest(ctx) + + // check response + suite.EqualValues(http.StatusOK, recorder.Code) + + result := recorder.Result() + defer result.Body.Close() + b, err := ioutil.ReadAll(result.Body) + assert.NoError(suite.T(), err) + + suite.Equal(`{"subject":"acct:aaaaa@example.org","aliases":["http://gts.example.org/users/aaaaa","http://gts.example.org/@aaaaa"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"http://gts.example.org/@aaaaa"},{"rel":"self","type":"application/activity+json","href":"http://gts.example.org/users/aaaaa"}]}`, string(b)) +} + +func (suite *WebfingerGetTestSuite) TestFingerUserWithoutAcct() { + targetAccount := suite.testAccounts["local_account_1"] + + // setup request -- leave out the 'acct:' prefix, which is prettymuch what pixelfed currently does + requestPath := fmt.Sprintf("/%s?resource=%s@%s", webfinger.WebfingerBasePath, targetAccount.Username, suite.config.Host) + + recorder := httptest.NewRecorder() + ctx, _ := gin.CreateTestContext(recorder) + ctx.Request = httptest.NewRequest(http.MethodGet, requestPath, nil) // the endpoint we're hitting + + // trigger the function being tested + suite.webfingerModule.WebfingerGETRequest(ctx) + + // check response + suite.EqualValues(http.StatusOK, recorder.Code) + + result := recorder.Result() + defer result.Body.Close() + b, err := ioutil.ReadAll(result.Body) + assert.NoError(suite.T(), err) + + suite.Equal(`{"subject":"acct:the_mighty_zork@localhost:8080","aliases":["http://localhost:8080/users/the_mighty_zork","http://localhost:8080/@the_mighty_zork"],"links":[{"rel":"http://webfinger.net/rel/profile-page","type":"text/html","href":"http://localhost:8080/@the_mighty_zork"},{"rel":"self","type":"application/activity+json","href":"http://localhost:8080/users/the_mighty_zork"}]}`, string(b)) +} + +func TestWebfingerGetTestSuite(t *testing.T) { + suite.Run(t, new(WebfingerGetTestSuite)) +} diff --git a/internal/config/default.go b/internal/config/default.go index 79f0e4086..ad171a376 100644 --- a/internal/config/default.go +++ b/internal/config/default.go @@ -9,6 +9,7 @@ func TestDefault() *Config { LogLevel: defaults.LogLevel, ApplicationName: defaults.ApplicationName, Host: defaults.Host, + AccountDomain: defaults.AccountDomain, Protocol: defaults.Protocol, Port: defaults.Port, TrustedProxies: defaults.TrustedProxies, @@ -204,7 +205,7 @@ func GetTestDefaults() Defaults { ApplicationName: "gotosocial", ConfigPath: "", Host: "localhost:8080", - AccountDomain: "", + AccountDomain: "localhost:8080", Protocol: "http", Port: 8080, TrustedProxies: []string{"127.0.0.1/32"}, diff --git a/internal/processing/federation.go b/internal/processing/federation.go index 352a6ddc2..1fccfa36e 100644 --- a/internal/processing/federation.go +++ b/internal/processing/federation.go @@ -371,7 +371,7 @@ func (p *processor) GetFediStatusReplies(ctx context.Context, requestedUsername return data, nil } -func (p *processor) GetWebfingerAccount(ctx context.Context, requestedUsername string, requestURL *url.URL) (*apimodel.WellKnownResponse, gtserror.WithCode) { +func (p *processor) GetWebfingerAccount(ctx context.Context, requestedUsername string) (*apimodel.WellKnownResponse, gtserror.WithCode) { // get the account the request is referring to requestedAccount, err := p.db.GetLocalAccountByUsername(ctx, requestedUsername) if err != nil { diff --git a/internal/processing/processor.go b/internal/processing/processor.go index bc6e6511b..6f36f6d21 100644 --- a/internal/processing/processor.go +++ b/internal/processing/processor.go @@ -202,7 +202,7 @@ type Processor interface { GetFediStatusReplies(ctx context.Context, requestedUsername string, requestedStatusID string, page bool, onlyOtherAccounts bool, minID string, requestURL *url.URL) (interface{}, gtserror.WithCode) // GetWebfingerAccount handles the GET for a webfinger resource. Most commonly, it will be used for returning account lookups. - GetWebfingerAccount(ctx context.Context, requestedUsername string, requestURL *url.URL) (*apimodel.WellKnownResponse, gtserror.WithCode) + GetWebfingerAccount(ctx context.Context, requestedUsername string) (*apimodel.WellKnownResponse, gtserror.WithCode) // GetNodeInfoRel returns a well known response giving the path to node info. GetNodeInfoRel(ctx context.Context, request *http.Request) (*apimodel.WellKnownResponse, gtserror.WithCode)