1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
6 use Pleroma.Web.ConnCase, async: true
10 alias Pleroma.Tests.ObanHelpers
12 import Pleroma.Factory
13 import Swoosh.TestAssertions
15 describe "GET /web/login" do
16 setup %{conn: conn} do
20 signing_salt: "cooldude"
25 |> Plug.Session.call(Plug.Session.init(session_opts))
28 test_path = "/web/statuses/test"
29 %{conn: conn, path: test_path}
32 test "redirects to the saved path after log in", %{conn: conn, path: path} do
33 app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".")
34 auth = insert(:oauth_authorization, app: app)
38 |> put_session(:return_to, path)
39 |> get("/web/login", %{code: auth.token})
41 assert conn.status == 302
42 assert redirected_to(conn) =~ path
45 test "redirects to the getting-started page when referer is not present", %{conn: conn} do
46 app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".")
47 auth = insert(:oauth_authorization, app: app)
49 conn = get(conn, "/web/login", %{code: auth.token})
51 assert conn.status == 302
52 assert redirected_to(conn) =~ "/web/getting-started"
56 describe "POST /auth/password, with valid parameters" do
57 setup %{conn: conn} do
59 conn = post(conn, "/auth/password?email=#{user.email}")
60 %{conn: conn, user: user}
63 test "it returns 204", %{conn: conn} do
64 assert empty_json_response(conn)
67 test "it creates a PasswordResetToken record for user", %{user: user} do
68 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
72 test "it sends an email to user", %{user: user} do
73 ObanHelpers.perform_all()
74 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
76 email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
77 notify_email = Config.get([:instance, :notify_email])
78 instance_name = Config.get([:instance, :name])
81 from: {instance_name, notify_email},
82 to: {user.name, user.email},
83 html_body: email.html_body
88 describe "POST /auth/password, with nickname" do
89 test "it returns 204", %{conn: conn} do
93 |> post("/auth/password?nickname=#{user.nickname}")
94 |> empty_json_response()
96 ObanHelpers.perform_all()
97 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
99 email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
100 notify_email = Config.get([:instance, :notify_email])
101 instance_name = Config.get([:instance, :name])
104 from: {instance_name, notify_email},
105 to: {user.name, user.email},
106 html_body: email.html_body
110 test "it doesn't fail when a user has no email", %{conn: conn} do
111 user = insert(:user, %{email: nil})
114 |> post("/auth/password?nickname=#{user.nickname}")
115 |> empty_json_response()
119 describe "POST /auth/password, with invalid parameters" do
125 test "it returns 204 when user is not found", %{conn: conn, user: user} do
126 conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
128 assert empty_json_response(conn)
131 test "it returns 204 when user is not local", %{conn: conn, user: user} do
132 {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
133 conn = post(conn, "/auth/password?email=#{user.email}")
135 assert empty_json_response(conn)
138 test "it returns 204 when user is deactivated", %{conn: conn, user: user} do
139 {:ok, user} = Repo.update(Ecto.Changeset.change(user, deactivated: true, local: true))
140 conn = post(conn, "/auth/password?email=#{user.email}")
142 assert empty_json_response(conn)
146 describe "DELETE /auth/sign_out" do
147 test "redirect to root page", %{conn: conn} do
152 |> assign(:user, user)
153 |> delete("/auth/sign_out")
155 assert conn.status == 302
156 assert redirected_to(conn) == "/"