Work around WordPress SSRF protection (#371)

* Use new UBOS WordPress customizationpoint `disablessrfprotection`. * Record ubos-admin error messages * Closes #367 * Fix name of the node we are logging into, copy-paste error * Uncomment wait_until_actor_is_follow* calls in smoke test; however, fails with WordPress due to #370. Co-authored-by: Johannes Ernst <git@j12t.org>
fediverse-devnet · Sep 30, 2024 · a1862cf · a1862cf
1 parent ead10a6
commit a1862cf
Show file tree

Hide file tree

Showing 4 changed files with 34 additions and 20 deletions.
diff --git a/src/feditest/nodedrivers/wordpress/__init__.py b/src/feditest/nodedrivers/wordpress/__init__.py
@@ -114,7 +114,7 @@ def mastodon_user_client(self) -> Mastodon:
             node = cast(NodeWithMastodonAPI, self._node)
             oauth_app = cast(MastodonOAuthApp, node._mastodon_oauth_app)
             self._ensure_oauth_token(oauth_app.client_id)
-            trace(f'Logging into Mastodon at "{ oauth_app.api_base_url }" with userid "{ self.userid }" with OAuth token "{ self._oauth_token }".')
+            trace(f'Logging into WordPress at "{ oauth_app.api_base_url }" with userid "{ self.userid }" with OAuth token "{ self._oauth_token }".')
             client = Mastodon(
                 client_id = oauth_app.client_id,
                 client_secret=oauth_app.client_secret,

diff --git a/src/feditest/nodedrivers/wordpress/ubos.py b/src/feditest/nodedrivers/wordpress/ubos.py
@@ -101,8 +101,9 @@ def _provision_oauth_token_for(self, account: WordPressAccount, oauth_client_id:
         cmd = f'cd { dir } && sudo sudo -u http php' # from user ubosdev -> root -> http
 
         trace( f'PHP script is "{ php_script }"')
-        if node_driver._exec_shell(cmd, config.rshcmd, stdin_content=php_script).returncode:
-            raise Exception(self, f'Failed to create OAuth token for user with id="{ account.userid }", cmd: { cmd }"')
+        result = node_driver._exec_shell(cmd, config.rshcmd, stdin_content=php_script, capture_output=True)
+        if result.returncode:
+            raise Exception(self, f'Failed to create OAuth token for user with id="{ account.userid }", cmd="{ cmd }", stdout="{ result.stdout}", stderr="{ result.stderr }"')
         return token
 
 
@@ -152,7 +153,14 @@ def create_configuration_account_manager(self, rolename: str, test_plan_node: Te
                         "wordpress-plugin-friends",
                         "wordpress-plugin-webfinger"
                     ],
-                    "context" : ""
+                    "context" : "",
+                    "customizationpoints" : {
+                        "wordpress" : {
+                            "disablessrfprotection" : {
+                                "value" : True
+                            }
+                        }
+                    }
                 },
                 defaults = {
                     'app' : 'WordPress + ActivityPub plugin'

diff --git a/src/feditest/ubos/__init__.py b/src/feditest/ubos/__init__.py
@@ -112,12 +112,14 @@ class UbosAdminException(Exception):
     """
     Thrown if a `ubos-admin` operation failed.
     """
-    def __init__(self, node_driver: 'UbosNodeDriver', cmd: str, indata: str | None = None, out: str | None = None):
+    def __init__(self, node_driver: 'UbosNodeDriver', cmd: str, indata: str | None = None, stdout: str | None = None, stderr: str | None = None):
         msg = f'node_driver: { node_driver }, cmd: "{ cmd }"'
         if indata:
             msg += f'\ninput data: { indata }'
-        if out:
-            msg += f'\nout: { out }'
+        if stdout:
+            msg += f'\nstdout: { stdout }'
+        if stderr:
+            msg += f'\nstderr: { stderr }'
         super().__init__(msg)
 
 
@@ -472,8 +474,10 @@ def _provision_node_from_backupfile(self, config: UbosNodeFromBackupConfiguratio
         """
         emptySiteJson = config.obtain_empty_site_json()
 
-        if self._exec_shell('sudo ubos-admin deploy --stdin', config.rshcmd, emptySiteJson).returncode:
-            raise UbosAdminException(self, 'sudo ubos-admin deploy --stdin', emptySiteJson)
+        cmd = 'sudo ubos-admin deploy --stdin'
+        result = self._exec_shell(cmd, config.rshcmd, emptySiteJson, capture_output=True)
+        if result.returncode:
+            raise UbosAdminException(self, cmd, emptySiteJson, result.stdout, result.stderr)
 
         # From `ubos-admin restore --help`:
         #    ubos-admin restore --appconfigid <appconfigid> --tositeid <tositeid> --createnew [--newappconfigid <newid>] [--newcontext <context>] --in <backupfile>
@@ -494,15 +498,18 @@ def _provision_node_from_backupfile(self, config: UbosNodeFromBackupConfiguratio
         cmd += ' --newcontext ""'
         cmd += f' --in "{ config.backupfile }"'
 
-        if self._exec_shell(cmd, config.rshcmd).returncode:
-            raise UbosAdminException(self, cmd)
+        result = self._exec_shell(cmd, config.rshcmd, capture_output=True)
+        if result.returncode:
+            raise UbosAdminException(self, cmd, result.stdout, result.stderr)
 
 
     def _provision_node_with_generated_sitejson(self, config: UbosNodeDeployConfiguration, account_manager: AccountManager) -> None:
         siteJson = config.obtain_site_json()
 
-        if self._exec_shell('sudo ubos-admin deploy --stdin', config.rshcmd, siteJson).returncode:
-            raise UbosAdminException(self, 'sudo ubos-admin deploy --stdin', siteJson)
+        cmd = 'sudo ubos-admin deploy --stdin'
+        result = self._exec_shell(cmd, config.rshcmd, siteJson, capture_output=True)
+        if result.returncode:
+            raise UbosAdminException(self, cmd, siteJson, result.stdout, result.stderr)
 
 
     def _getAppConfigJson(self, config: UbosNodeDeployConfiguration) -> dict[str,Any]:
@@ -520,8 +527,10 @@ def _instantiate_ubos_node(self, rolename: str, config: UbosNodeConfiguration, a
     def _unprovision_node(self, node: Node) -> None:
         trace(f'UbosNodeDriver unprovision node { node.rolename }')
         config = cast(UbosNodeConfiguration, node.config)
-        if self._exec_shell( f"sudo ubos-admin undeploy --siteid { config.siteid }", config.rshcmd).returncode:
-            raise UbosAdminException(self, f"sudo ubos-admin undeploy --siteid { config.siteid }")
+        cmd = f"sudo ubos-admin undeploy --siteid { config.siteid }"
+        result = self._exec_shell(cmd, config.rshcmd, capture_output=True)
+        if result.returncode:
+            raise UbosAdminException(self, cmd, result.stdout, result.stderr)
 
 
     def _cleanup_node(self, config: UbosNodeConfiguration):

diff --git a/tests.smoke/tests/nodes_with_mastodon_api_communicate.py b/tests.smoke/tests/nodes_with_mastodon_api_communicate.py
@@ -7,7 +7,6 @@
 from feditest import step, test
 from feditest.nodedrivers.mastodon import NodeWithMastodonAPI
 
-import time
 
 @test
 class FollowTest:
@@ -46,14 +45,12 @@ def follow(self):
 
     @step
     def wait_until_actor_is_followed_by_actor(self):
-        # self.leader_node.wait_until_actor_is_followed_by_actor(self.leader_actor_uri, self.follower_actor_uri)
-        time.sleep(5)
+        self.leader_node.wait_until_actor_is_followed_by_actor(self.leader_actor_uri, self.follower_actor_uri)
 
 
     @step
     def wait_until_actor_is_following_actor(self):
-        # self.follower_node.wait_until_actor_is_following_actor(self.follower_actor_uri, self.leader_actor_uri)
-        time.sleep(5)
+        self.follower_node.wait_until_actor_is_following_actor(self.follower_actor_uri, self.leader_actor_uri)
 
 
     @step