From 08949cca413ae7df2a7b8e845e8c9a0e3c246b3a Mon Sep 17 00:00:00 2001
From: Matt Jankowski
Date: Wed, 10 May 2017 18:19:37 -0400
Subject: [PATCH] Pubsub confirmation worker spec (#2974)
* Add specs for valid challenge response from pubsub confirmation worker
* Refactor the pubsub confirmation worker
---
.../pubsubhubbub/confirmation_worker.rb | 88 +++++++++++++++----
.../pubsubhubbub/confirmation_worker_spec.rb | 88 +++++++++++++++++++
2 files changed, 159 insertions(+), 17 deletions(-)
create mode 100644 spec/workers/pubsubhubbub/confirmation_worker_spec.rb
diff --git a/app/workers/pubsubhubbub/confirmation_worker.rb b/app/workers/pubsubhubbub/confirmation_worker.rb
index b02dd3f55..9186c5d7d 100644
--- a/app/workers/pubsubhubbub/confirmation_worker.rb
+++ b/app/workers/pubsubhubbub/confirmation_worker.rb
@@ -6,31 +6,85 @@ class Pubsubhubbub::ConfirmationWorker sidekiq_options queue: 'push', retry: false + attr_reader :subscription, :mode, :secret, :lease_seconds + def perform(subscription_id, mode, secret = nil, lease_seconds = nil) - subscription = Subscription.find(subscription_id) - challenge = SecureRandom.hex + @subscription = Subscription.find(subscription_id) + @mode = mode + @secret = secret + @lease_seconds = lease_seconds + process_confirmation + end - subscription.secret = secret - subscription.lease_seconds = lease_seconds - subscription.confirmed = true + private - response = HTTP.headers(user_agent: 'Mastodon/PubSubHubbub') - .timeout(:per_operation, write: 20, connect: 20, read: 50) - .get(subscription.callback_url, params: { - 'hub.topic' => account_url(subscription.account, format: :atom), - 'hub.mode' => mode, - 'hub.challenge' => challenge, - 'hub.lease_seconds' => subscription.lease_seconds, - }) + def process_confirmation + prepare_subscription - body = response.body.to_s + confirm_callback + logger.debug "Confirming PuSH subscription for #{subscription.callback_url} with challenge #{challenge}: #{callback_response_body}" - logger.debug "Confirming PuSH subscription for #{subscription.callback_url} with challenge #{challenge}: #{body}" + update_subscription + end - if mode == 'subscribe' && body == challenge + def update_subscription + if successful_subscribe? subscription.save! - elsif (mode == 'unsubscribe' && body == challenge) || !subscription.confirmed? + elsif successful_unsubscribe? subscription.destroy! end end + + def successful_subscribe? + subscribing? && response_matches_challenge? + end + + def successful_unsubscribe? + (unsubscribing? && response_matches_challenge?) || !subscription.confirmed? + end + + def response_matches_challenge? + callback_response_body == challenge + end + + def subscribing? + mode == 'subscribe' + end + + def unsubscribing? 
+ mode == 'unsubscribe' + end + + def confirm_callback + @_confirm_callback ||= callback_get_with_params + end + + def callback_get_with_params + HTTP.headers(user_agent: 'Mastodon/PubSubHubbub') + .timeout(:per_operation, write: 20, connect: 20, read: 50) + .get(subscription.callback_url, params: callback_params) + end + + def callback_response_body + confirm_callback.body.to_s + end + + def callback_params + { + 'hub.topic' => account_url(subscription.account, format: :atom), + 'hub.mode' => mode, + 'hub.challenge' => challenge, + 'hub.lease_seconds' => subscription.lease_seconds, + } + end + + def prepare_subscription + subscription.secret = secret + subscription.lease_seconds = lease_seconds + subscription.confirmed = true + end + + def challenge + @_challenge ||= SecureRandom.hex + end end diff --git a/spec/workers/pubsubhubbub/confirmation_worker_spec.rb b/spec/workers/pubsubhubbub/confirmation_worker_spec.rb new file mode 100644 index 000000000..3951c1a50 --- /dev/null +++ b/spec/workers/pubsubhubbub/confirmation_worker_spec.rb 
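Review bot: `callback_get_with_params` sends the GET to `subscription.callback_url`, a subscriber-supplied address, and nothing visible in this worker restricts it to public hosts or bounds the size of the response; if that validation does not already happen where the subscription is created (not shown here), it belongs before this request. `response_matches_challenge?` also ignores the HTTP status, so an error response whose body happens to equal the challenge would still confirm the subscription; the check could be `confirm_callback.status.success? && callback_response_body == challenge`. The debug line in `process_confirmation` interpolates the whole remote body into the log, so logging only whether the body matched would keep arbitrary remote content out of the log. Separately, `prepare_subscription` sets `confirmed = true` before the request, which appears to make the `|| !subscription.confirmed?` arm of `successful_unsubscribe?` unreachable; a comment stating the intended cleanup of unconfirmed subscriptions would help.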
@@ -0,0 +1,88 @@ +# frozen_string_literal: true + +require 'rails_helper' + +describe Pubsubhubbub::ConfirmationWorker do + include RoutingHelper + + subject { described_class.new } + + let!(:alice) { Fabricate(:account, username: 'alice') } + let!(:subscription) { Fabricate(:subscription, account_id: alice.id, callback_url: 'http://example.com/api', confirmed: false, expires_at: 3.days.from_now, secret: nil) } + + describe 'perform' do + describe 'with subscribe mode' do + it 'confirms and updates subscription when challenge matches' do + stub_random_value + stub_request(:get, url_for_mode('subscribe')) + .with(headers: http_headers) + .to_return(status: 200, body: challenge_value, headers: {}) + + seconds = 10.days.seconds.to_i + subject.perform(subscription.id, 'subscribe', 'asdf', seconds) + + subscription.reload + expect(subscription.secret).to eq 'asdf' + expect(subscription.confirmed).to eq true + expect(subscription.expires_at).to be_within(5).of(10.days.from_now) + end + + it 'does not update subscription when challenge does not match' do + stub_random_value + stub_request(:get, url_for_mode('subscribe')) + .with(headers: http_headers) + .to_return(status: 200, body: 'wrong value', headers: {}) + + seconds = 10.days.seconds.to_i + subject.perform(subscription.id, 'subscribe', 'asdf', seconds) + + subscription.reload + expect(subscription.secret).to be_blank + expect(subscription.confirmed).to eq false + expect(subscription.expires_at).to be_within(5).of(3.days.from_now) + end + end + + describe 'with unsubscribe mode' do + it 'confirms and destroys subscription when challenge matches' do + stub_random_value + stub_request(:get, url_for_mode('unsubscribe')) + .with(headers: http_headers) + .to_return(status: 200, body: challenge_value, headers: {}) + + seconds = 10.days.seconds.to_i + subject.perform(subscription.id, 'unsubscribe', 'asdf', seconds) + + expect { subscription.reload }.to raise_error(ActiveRecord::RecordNotFound) + end + + it 'does not destroy 
subscription when challenge does not match' do + stub_random_value + stub_request(:get, url_for_mode('unsubscribe')) + .with(headers: http_headers) + .to_return(status: 200, body: 'wrong value', headers: {}) + + seconds = 10.days.seconds.to_i + subject.perform(subscription.id, 'unsubscribe', 'asdf', seconds) + + expect { subscription.reload }.not_to raise_error + end + end + end + + def url_for_mode(mode) + "http://example.com/api?hub.challenge=#{challenge_value}&hub.lease_seconds=863999&hub.mode=#{mode}&hub.topic=https://#{Rails.configuration.x.local_domain}/users/alice.atom" + end + + def stub_random_value + allow(SecureRandom).to receive(:hex).and_return(challenge_value) + end + + def challenge_value + '1a2s3d4f' + end + + def http_headers + { 'Connection' => 'close', 'Host' => 'example.com', 'User-Agent' => 'Mastodon/PubSubHubbub' } + end +end
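Review bot: Every example stubs the callback with status 200, so the suite does not pin what the worker does when the callback answers with a non-2xx status whose body still equals the challenge, or when the request itself raises (timeout, connection refused). Adding one example for each would fix the intended behaviour of the verification step. `url_for_mode` also hard-codes `hub.lease_seconds=863999` while the examples pass `10.days.seconds.to_i`, which presumably relies on `lease_seconds` being derived from the clock. Freezing time around `perform` would stop the stubbed URL from depending on how quickly the example runs.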