Bump Copyright to 2021
[akkoma] / test / pleroma / web / mastodon_api / controllers / auth_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
6 use Pleroma.Web.ConnCase, async: true
7
8 alias Pleroma.Config
9 alias Pleroma.Repo
10 alias Pleroma.Tests.ObanHelpers
11
12 import Pleroma.Factory
13 import Swoosh.TestAssertions
14
15 describe "GET /web/login" do
16 setup %{conn: conn} do
17 session_opts = [
18 store: :cookie,
19 key: "_test",
20 signing_salt: "cooldude"
21 ]
22
23 conn =
24 conn
25 |> Plug.Session.call(Plug.Session.init(session_opts))
26 |> fetch_session()
27
28 test_path = "/web/statuses/test"
29 %{conn: conn, path: test_path}
30 end
31
32 test "redirects to the saved path after log in", %{conn: conn, path: path} do
33 app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".")
34 auth = insert(:oauth_authorization, app: app)
35
36 conn =
37 conn
38 |> put_session(:return_to, path)
39 |> get("/web/login", %{code: auth.token})
40
41 assert conn.status == 302
42 assert redirected_to(conn) =~ path
43 end
44
45 test "redirects to the getting-started page when referer is not present", %{conn: conn} do
46 app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".")
47 auth = insert(:oauth_authorization, app: app)
48
49 conn = get(conn, "/web/login", %{code: auth.token})
50
51 assert conn.status == 302
52 assert redirected_to(conn) =~ "/web/getting-started"
53 end
54 end
55
56 describe "POST /auth/password, with valid parameters" do
57 setup %{conn: conn} do
58 user = insert(:user)
59 conn = post(conn, "/auth/password?email=#{user.email}")
60 %{conn: conn, user: user}
61 end
62
63 test "it returns 204", %{conn: conn} do
64 assert empty_json_response(conn)
65 end
66
67 test "it creates a PasswordResetToken record for user", %{user: user} do
68 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
69 assert token_record
70 end
71
72 test "it sends an email to user", %{user: user} do
73 ObanHelpers.perform_all()
74 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
75
76 email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
77 notify_email = Config.get([:instance, :notify_email])
78 instance_name = Config.get([:instance, :name])
79
80 assert_email_sent(
81 from: {instance_name, notify_email},
82 to: {user.name, user.email},
83 html_body: email.html_body
84 )
85 end
86 end
87
88 describe "POST /auth/password, with nickname" do
89 test "it returns 204", %{conn: conn} do
90 user = insert(:user)
91
92 assert conn
93 |> post("/auth/password?nickname=#{user.nickname}")
94 |> empty_json_response()
95
96 ObanHelpers.perform_all()
97 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
98
99 email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
100 notify_email = Config.get([:instance, :notify_email])
101 instance_name = Config.get([:instance, :name])
102
103 assert_email_sent(
104 from: {instance_name, notify_email},
105 to: {user.name, user.email},
106 html_body: email.html_body
107 )
108 end
109
110 test "it doesn't fail when a user has no email", %{conn: conn} do
111 user = insert(:user, %{email: nil})
112
113 assert conn
114 |> post("/auth/password?nickname=#{user.nickname}")
115 |> empty_json_response()
116 end
117 end
118
119 describe "POST /auth/password, with invalid parameters" do
120 setup do
121 user = insert(:user)
122 {:ok, user: user}
123 end
124
125 test "it returns 204 when user is not found", %{conn: conn, user: user} do
126 conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
127
128 assert empty_json_response(conn)
129 end
130
131 test "it returns 204 when user is not local", %{conn: conn, user: user} do
132 {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
133 conn = post(conn, "/auth/password?email=#{user.email}")
134
135 assert empty_json_response(conn)
136 end
137
138 test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
139 {:ok, user} = Repo.update(Ecto.Changeset.change(user, deactivated: true, local: true))
140 conn = post(conn, "/auth/password?email=#{user.email}")
141
142 assert empty_json_response(conn)
143 end
144 end
145
146 describe "DELETE /auth/sign_out" do
147 test "redirect to root page", %{conn: conn} do
148 user = insert(:user)
149
150 conn =
151 conn
152 |> assign(:user, user)
153 |> delete("/auth/sign_out")
154
155 assert conn.status == 302
156 assert redirected_to(conn) == "/"
157 end
158 end
159 end