1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
6 use Pleroma.Web.ConnCase, async: true
9 alias Pleroma.Plugs.AdminSecretAuthenticationPlug
11 test "does nothing if a user is assigned", %{conn: conn} do
16 |> assign(:user, user)
20 |> AdminSecretAuthenticationPlug.call(%{})
22 assert conn == ret_conn
25 describe "when secret set it assigns an admin user" do
26 setup do: clear_config([:admin_token])
28 test "with `admin_token` query parameter", %{conn: conn} do
29 Pleroma.Config.put(:admin_token, "password123")
32 %{conn | params: %{"admin_token" => "wrong_password"}}
33 |> AdminSecretAuthenticationPlug.call(%{})
35 refute conn.assigns[:user]
38 %{conn | params: %{"admin_token" => "password123"}}
39 |> AdminSecretAuthenticationPlug.call(%{})
41 assert conn.assigns[:user].is_admin
44 test "with `x-admin-token` HTTP header", %{conn: conn} do
45 Pleroma.Config.put(:admin_token, "☕️")
49 |> put_req_header("x-admin-token", "🥛")
50 |> AdminSecretAuthenticationPlug.call(%{})
52 refute conn.assigns[:user]
56 |> put_req_header("x-admin-token", "☕️")
57 |> AdminSecretAuthenticationPlug.call(%{})
59 assert conn.assigns[:user].is_admin