9d6c2cd70dcb05241937beaf7fed6d13af960b74
[akkoma] / test / plugs / authentication_plug_test.exs
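defmodule Pleroma.Plugs.AuthenticationPlugTest do
  # Tests for AuthenticationPlug.call/2: HTTP Basic credentials, the `optional`
  # flag, a `:user_id` already stored in the session, and a user already
  # assigned on the conn. User lookup is stubbed through the `:fetcher` option,
  # so no database is touched.
  use Pleroma.Web.ConnCase, async: true

  alias Pleroma.Plugs.AuthenticationPlug
  alias Pleroma.User

  # Fixture account. The hash of "guy" is computed once, at compile time;
  # "guy" is therefore the only password that should authenticate "dude".
  @user %User{
    id: 1,
    name: "dude",
    password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
  }

  # Cookie-session settings with a fixed signing salt; test-only values.
  @session_opts [
    store: :cookie,
    key: "_test",
    signing_salt: "cooldude"
  ]

  # Fetcher stub: every lookup succeeds but finds no user.
  defp fetch_nil(_name) do
    {:ok, nil}
  end

  # Fetcher stub: every lookup returns the fixture user, whatever the name.
  defp fetch_user(_name) do
    {:ok, @user}
  end

  # Builds the value of an `Authorization: Basic ...` request header.
  defp basic_auth_enc(username, password) do
    "Basic " <> Base.encode64("#{username}:#{password}")
  end

  # Runs the session plug and loads the session so tests can read/write it.
  defp with_session(conn) do
    conn
    |> Plug.Session.call(Plug.Session.init(@session_opts))
    |> fetch_session()
  end

  # NOTE(review): the rejection cases below assert only the status code and
  # `halted` (or `assigns` for the optional variant). None of them checks that
  # the session is left without a :user_id after a failed attempt; consider
  # adding that assertion once the plug's behaviour is confirmed.
  # NOTE(review): the tests pin 403 for missing/invalid credentials; whether
  # clients need a 401 challenge instead depends on the API contract - confirm.

  describe "without an authorization header" do
    test "it halts the application" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{})

      assert conn.status == 403
      assert conn.halted == true
    end

    test "it assigns a nil user if the 'optional' option is used" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{optional: true})

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with an authorization header for a nonexisting user" do
    # These cases previously sent no Authorization header at all, so the
    # request differed from the no-header cases only by the :fetcher option.
    # The header is now sent so the scenario named above is the one exercised.
    # The credentials are constructed sample values; fetch_nil ignores the name.
    test "it halts the application" do
      header = basic_auth_enc("ghost", "guy")

      conn =
        build_conn()
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(%{fetcher: &fetch_nil/1})

      assert conn.status == 403
      assert conn.halted == true
    end

    test "it assigns a nil user if the 'optional' option is used" do
      header = basic_auth_enc("ghost", "guy")

      conn =
        build_conn()
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(%{optional: true, fetcher: &fetch_nil/1})

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with an incorrect authorization header for an existing user" do
    test "it halts the application" do
      opts = %{
        fetcher: &fetch_user/1
      }

      # "man" is not the fixture password.
      header = basic_auth_enc("dude", "man")

      conn =
        build_conn()
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert conn.status == 403
      assert conn.halted == true
    end

    test "it assigns a nil user if the 'optional' option is used" do
      opts = %{
        optional: true,
        fetcher: &fetch_user/1
      }

      header = basic_auth_enc("dude", "man")

      conn =
        build_conn()
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with a correct authorization header for an existing user" do
    test "it assigns the user", %{conn: conn} do
      opts = %{
        optional: true,
        fetcher: &fetch_user/1
      }

      header = basic_auth_enc("dude", "guy")

      conn =
        conn
        |> with_session()
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert %{user: @user} == conn.assigns
      # A successful login must also be recorded in the session.
      assert get_session(conn, :user_id) == @user.id
      assert conn.halted == false
    end
  end

  describe "with a user_id in the session for an existing user" do
    # Pins that a session already holding the fetched user's id is accepted
    # even though the Basic password in the same request is wrong.
    # NOTE(review): there is no companion case where the session :user_id
    # differs from the id of the user the fetcher returns; that case should be
    # covered so a session for one account is shown not to vouch for another.
    test "it assigns the user", %{conn: conn} do
      opts = %{
        optional: true,
        fetcher: &fetch_user/1
      }

      header = basic_auth_enc("dude", "THIS IS WRONG")

      conn =
        conn
        |> with_session()
        |> put_session(:user_id, @user.id)
        |> put_req_header("authorization", header)
        |> AuthenticationPlug.call(opts)

      assert %{user: @user} == conn.assigns
      assert get_session(conn, :user_id) == @user.id
      assert conn.halted == false
    end
  end

  describe "with an assigned user" do
    # Pins that a conn which already carries a :user assign passes through
    # unchanged, i.e. whatever set that assign upstream is trusted.
    test "it does nothing, returning the incoming conn", %{conn: conn} do
      conn = assign(conn, :user, @user)

      conn_result = AuthenticationPlug.call(conn, %{})

      assert conn == conn_result
    end
  end
end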