From 1b9c887dbb8d87814f8d9cc11cfcbc8802348b22 Mon Sep 17 00:00:00 2001
From: Mark Felder <feld@feld.me>
Date: Thu, 25 Jul 2024 12:54:27 -0400
Subject: Extract validate_signature/2 from the HTTPSignaturePlug

This logic only exists in the Plug, so attempting to validate the signature by calling the library function HTTPSignature.validate_conn/2 directly will never work because we do not attempt to construct the (request-target) and @request-target headers with both the commonly misinterpreted and correct implementation of this field. Therefore all attempts to validate a signature from an Oban Job will fail.
---
 config/test.exs | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

(limited to 'config')

diff --git a/config/test.exs b/config/test.exs
index 5d9541f43..8a5694054 100644
--- a/config/test.exs
+++ b/config/test.exs
@@ -158,8 +158,7 @@ config :pleroma, Pleroma.Uploaders.IPFS, config_impl: Pleroma.UnstubbedConfigMoc
 config :pleroma, Pleroma.Web.Plugs.HTTPSecurityPlug, config_impl: Pleroma.StaticStubbedConfigMock
 config :pleroma, Pleroma.Web.Plugs.HTTPSignaturePlug, config_impl: Pleroma.StaticStubbedConfigMock
 
-config :pleroma, Pleroma.Web.Plugs.HTTPSignaturePlug,
-  http_signatures_impl: Pleroma.StubbedHTTPSignaturesMock
+config :pleroma, Pleroma.Signature, http_signatures_impl: Pleroma.StubbedHTTPSignaturesMock
 
 peer_module =
   if String.to_integer(System.otp_release()) >= 25 do
-- 
cgit v1.2.3