1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.SessionAuthenticationPlugTest do
6 use Pleroma.Web.ConnCase, async: true
9 alias Pleroma.Web.Plugs.OAuthScopesPlug
10 alias Pleroma.Web.Plugs.PlugHelper
11 alias Pleroma.Web.Plugs.SessionAuthenticationPlug
# Shared fixture: passes the conn through Plug.Session and assigns :auth_user (id 1),
# the value the tests below compare against the session's :user_id.
# NOTE(review): this listing skips several lines of the block (the gutter numbers jump),
# so the remaining session options and the block's return value are not visible here.
13 setup %{conn: conn} do
# Hard-coded salt for the test session only; not a production secret.
17 signing_salt: "cooldude"
22 |> Plug.Session.call(Plug.Session.init(session_opts))
# NOTE(review): :auth_user presumably stands for the user resolved by an earlier
# authentication step in the real pipeline; confirm against the plug.
24 |> assign(:auth_user, %User{id: 1})
# An already-assigned :user must short-circuit the plug. The returned conn is compared
# for full equality with the input, so any change to assigns or session fails the test.
29 test "it does nothing if a user is assigned", %{conn: conn} do
30 conn = assign(conn, :user, %User{})
31 ret_conn = SessionAuthenticationPlug.call(conn, %{})
33 assert ret_conn == conn
36 # Scenario: the requester has the session cookie and knows the username (but does not necessarily know the password)
# The session's :user_id is set to the auth_user's id, so the plug is expected to assign
# :user from :auth_user, set :token to nil, and mark OAuthScopesPlug as skipped.
# NOTE(review): skipping OAuthScopesPlug presumably reflects that a session login carries
# no OAuth token whose scopes could be checked; confirm against the plug.
37 test "if the auth_user has the same id as the user_id in the session, it assigns the user", %{
42 |> put_session(:user_id, conn.assigns.auth_user.id)
43 |> SessionAuthenticationPlug.call(%{})
45 assert conn.assigns.user == conn.assigns.auth_user
46 assert conn.assigns.token == nil
47 assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
50 # Scenario: requester has the cookie but doesn't know the username
# The session's :user_id (-1) differs from the auth_user id assigned in setup (1), so the
# plug must return the conn unchanged. The ids have to match before the plug assigns
# :user; holding the cookie alone is not enough.
51 test "if the auth_user has a different id as the user_id in the session, it does nothing", %{
54 conn = put_session(conn, :user_id, -1)
55 ret_conn = SessionAuthenticationPlug.call(conn, %{})
57 assert ret_conn == conn
# With no :user_id in the session there is nothing to compare :auth_user against, so the
# plug must hand back the conn unchanged.
60 test "if the session does not contain user_id, it does nothing", %{
63 assert conn == SessionAuthenticationPlug.call(conn, %{})