1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlugTest do
6 use Pleroma.Web.ConnCase
11 alias Pleroma.Web.Plugs.AdminSecretAuthenticationPlug
12 alias Pleroma.Web.Plugs.OAuthScopesPlug
13 alias Pleroma.Web.Plugs.PlugHelper
14 alias Pleroma.Web.Plugs.RateLimiter
16 test "does nothing if a user is assigned", %{conn: conn} do
21 |> assign(:user, user)
25 |> AdminSecretAuthenticationPlug.call(%{})
27 assert conn == ret_conn
30 describe "when secret set it assigns an admin user" do
31 setup do: clear_config([:admin_token])
33 setup_with_mocks([{RateLimiter, [:passthrough], []}]) do
37 test "with `admin_token` query parameter", %{conn: conn} do
38 Pleroma.Config.put(:admin_token, "password123")
41 %{conn | params: %{"admin_token" => "wrong_password"}}
42 |> AdminSecretAuthenticationPlug.call(%{})
44 refute conn.assigns[:user]
45 assert called(RateLimiter.call(conn, name: :authentication))
48 %{conn | params: %{"admin_token" => "password123"}}
49 |> AdminSecretAuthenticationPlug.call(%{})
51 assert conn.assigns[:user].is_admin
52 assert conn.assigns[:token] == nil
53 assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
56 test "with `x-admin-token` HTTP header", %{conn: conn} do
57 Pleroma.Config.put(:admin_token, "☕️")
61 |> put_req_header("x-admin-token", "🥛")
62 |> AdminSecretAuthenticationPlug.call(%{})
64 refute conn.assigns[:user]
65 assert called(RateLimiter.call(conn, name: :authentication))
69 |> put_req_header("x-admin-token", "☕️")
70 |> AdminSecretAuthenticationPlug.call(%{})
72 assert conn.assigns[:user].is_admin
73 assert conn.assigns[:token] == nil
74 assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)