Fetch updated key if old key is invalid.

2020-05-22 13:49:56 +01:00 · 2020-05-22 13:49:56 +01:00 · 5cfc9aa8de
commit 5cfc9aa8de
parent 17734940ac
3 changed files with 96 additions and 19 deletions
--- a/fedireads/tests/test_signing.py
+++ b/fedireads/tests/test_signing.py
@ -98,6 +98,58 @@ class Signature(TestCase):
        response = self.send_test_request(sender=self.fake_remote)
        self.assertEqual(response.status_code, 200)

+    @responses.activate
+    def test_key_needs_refresh(self):
+        datafile = pathlib.Path(__file__).parent.joinpath('data/ap_user.json')
+        data = json.loads(datafile.read_bytes())
+        data['id'] = self.fake_remote.remote_id
+        data['publicKey']['publicKeyPem'] = self.fake_remote.public_key
+        del data['icon'] # Avoid having to return an avatar.
+        responses.add(
+            responses.GET,
+            self.fake_remote.remote_id,
+            json=data,
+            status=200)
+        responses.add(
+            responses.GET,
+            'https://localhost/.well-known/nodeinfo',
+            status=404)
+        responses.add(
+            responses.GET,
+            'https://example.com/user/mouse/outbox?page=true',
+            json={'orderedItems': []},
+            status=200
+        )
+
+        # Second and subsequent fetches get a different key:
+        new_private_key, new_public_key = create_key_pair()
+        new_sender = Sender(
+            self.fake_remote.remote_id, new_private_key, new_public_key)
+        data['publicKey']['publicKeyPem'] = new_public_key
+        responses.add(
+            responses.GET,
+            self.fake_remote.remote_id,
+            json=data,
+            status=200)
+
+
+        # Key correct:
+        response = self.send_test_request(sender=self.fake_remote)
+        self.assertEqual(response.status_code, 200)
+
+        # Old key is cached, so still works:
+        response = self.send_test_request(sender=self.fake_remote)
+        self.assertEqual(response.status_code, 200)
+
+        # Try with new key:
+        response = self.send_test_request(sender=new_sender)
+        self.assertEqual(response.status_code, 200)
+
+        # Now the old key will fail:
+        response = self.send_test_request(sender=self.fake_remote)
+        self.assertEqual(response.status_code, 401)
+
+
    @responses.activate
    def test_nonexistent_signer(self):
        responses.add(