projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge remote-tracking branch 'remotes/origin/develop' into auth-improvements
[akkoma] / test / pleroma / web / plugs / o_auth_plug_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.Plugs.OAuthPlugTest do
6 use Pleroma.Web.ConnCase, async: true
7
8 alias Pleroma.Web.OAuth.Token
9 alias Pleroma.Web.OAuth.Token.Strategy.Revoke
10 alias Pleroma.Web.Plugs.OAuthPlug
11 alias Plug.Session
12
13 import Pleroma.Factory
14
15 setup %{conn: conn} do
16 user = insert(:user)
17 {:ok, oauth_token} = Token.create(insert(:oauth_app), user)
18 %{user: user, token: oauth_token, conn: conn}
19 end
20
21 test "it does nothing if a user is assigned", %{conn: conn} do
22 conn = assign(conn, :user, %Pleroma.User{})
23 ret_conn = OAuthPlug.call(conn, %{})
24
25 assert ret_conn == conn
26 end
27
28 test "with valid token (uppercase) in auth header, it assigns the user", %{conn: conn} = opts do
29 conn =
30 conn
31 |> put_req_header("authorization", "BEARER #{opts[:token].token}")
32 |> OAuthPlug.call(%{})
33
34 assert conn.assigns[:user] == opts[:user]
35 end
36
37 test "with valid token (downcase) in auth header, it assigns the user", %{conn: conn} = opts do
38 conn =
39 conn
40 |> put_req_header("authorization", "bearer #{opts[:token].token}")
41 |> OAuthPlug.call(%{})
42
43 assert conn.assigns[:user] == opts[:user]
44 end
45
46 test "with valid token (downcase) in url parameters, it assigns the user", opts do
47 conn =
48 :get
49 |> build_conn("/?access_token=#{opts[:token].token}")
50 |> put_req_header("content-type", "application/json")
51 |> fetch_query_params()
52 |> OAuthPlug.call(%{})
53
54 assert conn.assigns[:user] == opts[:user]
55 end
56
57 test "with valid token (downcase) in body parameters, it assigns the user", opts do
58 conn =
59 :post
60 |> build_conn("/api/v1/statuses", access_token: opts[:token].token, status: "test")
61 |> OAuthPlug.call(%{})
62
63 assert conn.assigns[:user] == opts[:user]
64 end
65
66 test "with invalid token, it does not assign the user", %{conn: conn} do
67 conn =
68 conn
69 |> put_req_header("authorization", "bearer TTTTT")
70 |> OAuthPlug.call(%{})
71
72 refute conn.assigns[:user]
73 end
74
75 describe "with :oauth_token in session, " do
76 setup %{token: oauth_token, conn: conn} do
77 session_opts = [
78 store: :cookie,
79 key: "_test",
80 signing_salt: "cooldude"
81 ]
82
83 conn =
84 conn
85 |> Session.call(Session.init(session_opts))
86 |> fetch_session()
87 |> put_session(:oauth_token, oauth_token.token)
88
89 %{conn: conn}
90 end
91
92 test "if session-stored token matches a valid OAuth token, assigns :user and :token", %{
93 conn: conn,
94 user: user,
95 token: oauth_token
96 } do
97 conn = OAuthPlug.call(conn, %{})
98
99 assert conn.assigns.user && conn.assigns.user.id == user.id
100 assert conn.assigns.token && conn.assigns.token.id == oauth_token.id
101 end
102
103 test "if session-stored token matches an expired OAuth token, does nothing", %{
104 conn: conn,
105 token: oauth_token
106 } do
107 expired_valid_until = NaiveDateTime.add(NaiveDateTime.utc_now(), -3600 * 24, :second)
108
109 oauth_token
110 |> Ecto.Changeset.change(valid_until: expired_valid_until)
111 |> Pleroma.Repo.update()
112
113 ret_conn = OAuthPlug.call(conn, %{})
114 assert ret_conn == conn
115 end
116
117 test "if session-stored token matches a revoked OAuth token, does nothing", %{
118 conn: conn,
119 token: oauth_token
120 } do
121 Revoke.revoke(oauth_token)
122
123 ret_conn = OAuthPlug.call(conn, %{})
124 assert ret_conn == conn
125 end
126 end
127 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git