git.squeep.com Git - akkoma/blob - test/pleroma/web/mastodon_api/controllers/auth_controller_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
   6   use Pleroma.Web.ConnCase, async: true
   7
   8   alias Pleroma.Config
   9   alias Pleroma.Repo
  10   alias Pleroma.Tests.ObanHelpers
  11
  12   import Pleroma.Factory
  13   import Swoosh.TestAssertions
  14
  15   describe "GET /web/login" do
  16     setup %{conn: conn} do
  17       session_opts = [
  18         store: :cookie,
  19         key: "_test",
  20         signing_salt: "cooldude"
  21       ]
  22
  23       conn =
  24         conn
  25         |> Plug.Session.call(Plug.Session.init(session_opts))
  26         |> fetch_session()
  27
  28       test_path = "/web/statuses/test"
  29       %{conn: conn, path: test_path}
  30     end
  31
  32     test "redirects to the saved path after log in", %{conn: conn, path: path} do
  33       app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".")
  34       auth = insert(:oauth_authorization, app: app)
  35
  36       conn =
  37         conn
  38         |> put_session(:return_to, path)
  39         |> get("/web/login", %{code: auth.token})
  40
  41       assert conn.status == 302
  42       assert redirected_to(conn) =~ path
  43     end
  44
  45     test "redirects to the getting-started page when referer is not present", %{conn: conn} do
  46       app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".")
  47       auth = insert(:oauth_authorization, app: app)
  48
  49       conn = get(conn, "/web/login", %{code: auth.token})
  50
  51       assert conn.status == 302
  52       assert redirected_to(conn) =~ "/web/getting-started"
  53     end
  54   end
  55
  56   describe "POST /auth/password, with valid parameters" do
  57     setup %{conn: conn} do
  58       user = insert(:user)
  59       conn = post(conn, "/auth/password?email=#{user.email}")
  60       %{conn: conn, user: user}
  61     end
  62
  63     test "it returns 204", %{conn: conn} do
  64       assert empty_json_response(conn)
  65     end
  66
  67     test "it creates a PasswordResetToken record for user", %{user: user} do
  68       token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
  69       assert token_record
  70     end
  71
  72     test "it sends an email to user", %{user: user} do
  73       ObanHelpers.perform_all()
  74       token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
  75
  76       email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
  77       notify_email = Config.get([:instance, :notify_email])
  78       instance_name = Config.get([:instance, :name])
  79
  80       assert_email_sent(
  81         from: {instance_name, notify_email},
  82         to: {user.name, user.email},
  83         html_body: email.html_body
  84       )
  85     end
  86   end
  87
  88   describe "POST /auth/password, with nickname" do
  89     test "it returns 204", %{conn: conn} do
  90       user = insert(:user)
  91
  92       assert conn
  93              |> post("/auth/password?nickname=#{user.nickname}")
  94              |> empty_json_response()
  95
  96       ObanHelpers.perform_all()
  97       token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
  98
  99       email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
 100       notify_email = Config.get([:instance, :notify_email])
 101       instance_name = Config.get([:instance, :name])
 102
 103       assert_email_sent(
 104         from: {instance_name, notify_email},
 105         to: {user.name, user.email},
 106         html_body: email.html_body
 107       )
 108     end
 109
 110     test "it doesn't fail when a user has no email", %{conn: conn} do
 111       user = insert(:user, %{email: nil})
 112
 113       assert conn
 114              |> post("/auth/password?nickname=#{user.nickname}")
 115              |> empty_json_response()
 116     end
 117   end
 118
 119   describe "POST /auth/password, with invalid parameters" do
 120     setup do
 121       user = insert(:user)
 122       {:ok, user: user}
 123     end
 124
 125     test "it returns 204 when user is not found", %{conn: conn, user: user} do
 126       conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
 127
 128       assert empty_json_response(conn)
 129     end
 130
 131     test "it returns 204 when user is not local", %{conn: conn, user: user} do
 132       {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
 133       conn = post(conn, "/auth/password?email=#{user.email}")
 134
 135       assert empty_json_response(conn)
 136     end
 137
 138     test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
 139       {:ok, user} = Repo.update(Ecto.Changeset.change(user, is_active: false, local: true))
 140       conn = post(conn, "/auth/password?email=#{user.email}")
 141
 142       assert empty_json_response(conn)
 143     end
 144   end
 145
 146   describe "DELETE /auth/sign_out" do
 147     test "redirect to root page", %{conn: conn} do
 148       user = insert(:user)
 149
 150       conn =
 151         conn
 152         |> assign(:user, user)
 153         |> delete("/auth/sign_out")
 154
 155       assert conn.status == 302
 156       assert redirected_to(conn) == "/"
 157     end
 158   end
 159 end