From 086ba59d0346be870dc7df2660fbb55666bf0af7 Mon Sep 17 00:00:00 2001
From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
Date: Sat, 16 Dec 2023 18:56:46 +0100
Subject: HTTPSignaturePlug: Add :authorized_fetch_mode_exceptions

---
 test/pleroma/web/plugs/http_signature_plug_test.exs | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

(limited to 'test')

diff --git a/test/pleroma/web/plugs/http_signature_plug_test.exs b/test/pleroma/web/plugs/http_signature_plug_test.exs
index 2d8fba3cd..deb7e4a23 100644
--- a/test/pleroma/web/plugs/http_signature_plug_test.exs
+++ b/test/pleroma/web/plugs/http_signature_plug_test.exs
@@ -81,5 +81,24 @@ defmodule Pleroma.Web.Plugs.HTTPSignaturePlugTest do
       assert conn.state == :sent
       assert conn.resp_body == "Request not signed"
     end
+
+    test "exempts specific IPs from `authorized_fetch_mode_exceptions`", %{conn: conn} do
+      clear_config([:activitypub, :authorized_fetch_mode_exceptions], ["192.168.0.0/24"])
+
+      with_mock HTTPSignatures, validate_conn: fn _ -> false end do
+        conn =
+          conn
+          |> Map.put(:remote_ip, {192, 168, 0, 1})
+          |> put_req_header(
+            "signature",
+            "keyId=\"http://mastodon.example.org/users/admin#main-key"
+          )
+          |> HTTPSignaturePlug.call(%{})
+
+        assert conn.remote_ip == {192, 168, 0, 1}
+        assert conn.halted == false
+        assert called(HTTPSignatures.validate_conn(:_))
+      end
+    end
   end
 end
-- 
cgit v1.2.3