Ignore duplicate create activities.
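defmodule Pleroma.Plugs.AuthenticationPlugTest do
  # Tests for Pleroma.Plugs.AuthenticationPlug. Each case builds a conn with a
  # cookie session, optionally adds an HTTP Basic "authorization" header and/or
  # a :user_id session entry, runs the plug, and checks that the request is
  # either halted with 403 or continues with conn.assigns.user set.
  use Pleroma.Web.ConnCase, async: true

  alias Pleroma.Plugs.AuthenticationPlug
  alias Pleroma.User

  # Fetcher stub: the lookup itself succeeds but finds no account.
  defp fetch_nil(_name) do
    {:ok, nil}
  end

  # Active account whose password is "guy". Module attributes are evaluated at
  # compile time, so the hash is computed once when this file is compiled.
  @user %User{
    id: 1,
    name: "dude",
    password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
  }

  # Same credentials as @user, but flagged as deactivated.
  @deactivated %User{
    id: 1,
    name: "dude",
    password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"),
    info: %{"deactivated" => true}
  }

  # Fixed key and signing salt for the cookie session store; test-only values.
  @session_opts [
    store: :cookie,
    key: "_test",
    signing_salt: "cooldude"
  ]

  # Fetcher stub: every username resolves to the active @user.
  defp fetch_user(_name) do
    {:ok, @user}
  end

  # Fetcher stub: every username resolves to the deactivated account. It uses
  # the same {:ok, user} shape as fetch_user/1 so that a halt can only be
  # attributed to the deactivated flag. A bare struct would presumably be
  # rejected for its shape alone (confirm against AuthenticationPlug).
  defp fetch_deactivated(_name) do
    {:ok, @deactivated}
  end

  # Builds the value of an HTTP Basic "authorization" header.
  defp basic_auth_enc(username, password) do
    "Basic " <> Base.encode64("#{username}:#{password}")
  end

  # Runs the session plug and loads the session so the plug under test can
  # read and write :user_id.
  defp with_session(conn) do
    conn
    |> Plug.Session.call(Plug.Session.init(@session_opts))
    |> fetch_session()
  end

  describe "without an authorization header" do
    test "it halts the application" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{})

      assert conn.status == 403
      assert conn.halted == true
    end

    test "it assigns a nil user if the 'optional' option is used" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{optional: true})

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with an authorization header for a nonexisting user" do
    # NOTE(review): neither test in this group sets an "authorization" header,
    # so they may be exercising the same path as the group above. Confirm.
    test "it halts the application" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{fetcher: &fetch_nil/1})

      assert conn.status == 403
      assert conn.halted == true
    end

    test "it assigns a nil user if the 'optional' option is used" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{optional: true, fetcher: &fetch_nil/1})

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with an incorrect authorization header for a enxisting user" do
    test "it halts the application" do
      opts = %{
        fetcher: &fetch_user/1
      }

      # "man" is not the password of @user ("guy").
      header = basic_auth_enc("dude", "man")

      conn =
        build_conn()
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert conn.status == 403
      assert conn.halted == true
    end

    test "it assigns a nil user if the 'optional' option is used" do
      opts = %{
        optional: true,
        fetcher: &fetch_user/1
      }

      header = basic_auth_enc("dude", "man")

      conn =
        build_conn()
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with a correct authorization header for an existing user" do
    test "it assigns the user", %{conn: conn} do
      opts = %{
        optional: true,
        fetcher: &fetch_user/1
      }

      header = basic_auth_enc("dude", "guy")

      conn =
        conn
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert %{user: @user} == conn.assigns
      # A successful login must also be recorded in the session.
      assert get_session(conn, :user_id) == @user.id
      assert conn.halted == false
    end
  end

  describe "with a correct authorization header for an deactiviated user" do
    test "it halts the appication", %{conn: conn} do
      # The password is correct, so the only reason to refuse this request is
      # the account's deactivated flag.
      opts = %{
        optional: false,
        fetcher: &fetch_deactivated/1
      }

      header = basic_auth_enc("dude", "guy")

      conn =
        conn
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert conn.status == 403
      assert conn.halted == true
    end
  end

  describe "with a user_id in the session for an existing user" do
    test "it assigns the user", %{conn: conn} do
      opts = %{
        optional: true,
        fetcher: &fetch_user/1
      }

      # The Basic password is deliberately wrong. The assertions below expect
      # the user to be assigned anyway, because the session already holds this
      # user's id.
      # NOTE(review): this pins "session wins over a bad password" as intended
      # behaviour. Confirm that is the desired policy.
      header = basic_auth_enc("dude", "THIS IS WRONG")

      conn =
        conn
        |> with_session()
        |> put_session(:user_id, @user.id)
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert %{user: @user} == conn.assigns
      assert get_session(conn, :user_id) == @user.id
      assert conn.halted == false
    end
  end

  describe "with an assigned user" do
    test "it does nothing, returning the incoming conn", %{conn: conn} do
      # A user is already assigned before the plug runs.
      conn = assign(conn, :user, @user)

      conn_result = AuthenticationPlug.call(conn, %{})

      assert conn == conn_result
    end
  end
end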