Merge branch 'feld-varnish' into 'develop'
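# test/plugs/authentication_plug_test.exs
defmodule Pleroma.Plugs.AuthenticationPlugTest do
  use Pleroma.Web.ConnCase, async: true

  alias Pleroma.Plugs.AuthenticationPlug
  alias Pleroma.User

  # Covers AuthenticationPlug.call/2 for HTTP Basic credentials and for a
  # user_id already stored in the session. Every fetcher passed to the plug in
  # this file follows one contract: it takes the username and returns
  # `{:ok, user_or_nil}`.

  # Fixture account whose password is "guy". The hash is computed once, at
  # compile time, because it lives in a module attribute.
  @user %User{
    id: 1,
    name: "dude",
    password_hash: Comeonin.Pbkdf2.hashpwsalt("guy")
  }

  # Same credentials as @user, but flagged as deactivated.
  @deactivated %User{
    id: 1,
    name: "dude",
    password_hash: Comeonin.Pbkdf2.hashpwsalt("guy"),
    info: %{"deactivated" => true}
  }

  # Test-only session settings; the salt is a fixture value, not a secret.
  @session_opts [
    store: :cookie,
    key: "_test",
    signing_salt: "cooldude"
  ]

  # Fetcher that finds no account for any username.
  defp fetch_nil(_name), do: {:ok, nil}

  # Fetcher that resolves every username to @user.
  defp fetch_user(_name), do: {:ok, @user}

  # Builds the value of an HTTP Basic `authorization` header.
  defp basic_auth_enc(username, password) do
    "Basic " <> Base.encode64("#{username}:#{password}")
  end

  # Attaches the cookie session and loads it, so the plug can read and write
  # :user_id.
  defp with_session(conn) do
    conn
    |> Plug.Session.call(Plug.Session.init(@session_opts))
    |> fetch_session()
  end

  describe "without an authorization header" do
    test "it halts the application" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{})

      assert conn.status == 403
      assert conn.halted
    end

    test "it assigns a nil user if the 'optional' option is used" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{optional: true})

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with an authorization header for a nonexisting user" do
    test "it halts the application" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{fetcher: &fetch_nil/1})

      assert conn.status == 403
      assert conn.halted
    end

    test "it assigns a nil user if the 'optional' option is used" do
      conn =
        build_conn()
        |> with_session()
        |> AuthenticationPlug.call(%{optional: true, fetcher: &fetch_nil/1})

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with an incorrect authorization header for a enxisting user" do
    test "it halts the application" do
      opts = %{fetcher: &fetch_user/1}

      conn =
        build_conn()
        |> with_session()
        |> put_req_header("authorization", basic_auth_enc("dude", "man"))
        |> AuthenticationPlug.call(opts)

      assert conn.status == 403
      assert conn.halted
      # A rejected password must not leave an authenticated session behind.
      refute get_session(conn, :user_id)
    end

    test "it assigns a nil user if the 'optional' option is used" do
      opts = %{optional: true, fetcher: &fetch_user/1}

      conn =
        build_conn()
        |> with_session()
        |> put_req_header("authorization", basic_auth_enc("dude", "man"))
        |> AuthenticationPlug.call(opts)

      assert %{user: nil} == conn.assigns
    end
  end

  describe "with a correct authorization header for an existing user" do
    test "it assigns the user", %{conn: conn} do
      opts = %{optional: true, fetcher: &fetch_user/1}

      conn =
        conn
        |> with_session()
        |> put_req_header("authorization", basic_auth_enc("dude", "guy"))
        |> AuthenticationPlug.call(opts)

      assert %{user: @user} == conn.assigns
      assert get_session(conn, :user_id) == @user.id
      refute conn.halted
    end
  end

  describe "with a correct authorization header for an deactiviated user" do
    test "it halts the appication", %{conn: conn} do
      # The fetcher returns `{:ok, user}` like fetch_user/1 and fetch_nil/1 do.
      # A bare struct here would not match the contract the other tests rely
      # on, so the 403 could come from the shape mismatch instead of from the
      # "deactivated" flag, and the test would pass even with the check gone.
      opts = %{
        optional: false,
        fetcher: fn _name -> {:ok, @deactivated} end
      }

      conn =
        conn
        |> with_session()
        |> put_req_header("authorization", basic_auth_enc("dude", "guy"))
        |> AuthenticationPlug.call(opts)

      assert conn.status == 403
      assert conn.halted
      # Valid credentials on a deactivated account must not create a session.
      refute get_session(conn, :user_id)
    end
  end

  describe "with a user_id in the session for an existing user" do
    test "it assigns the user", %{conn: conn} do
      opts = %{optional: true, fetcher: &fetch_user/1}

      # The Basic password is deliberately wrong: this pins that a user_id
      # already in the session is accepted without re-checking the password.
      # The session id equals the id of the user the fetcher returns; the case
      # where the two differ is not covered in this file.
      conn =
        conn
        |> with_session()
        |> put_session(:user_id, @user.id)
        |> put_req_header("authorization", basic_auth_enc("dude", "THIS IS WRONG"))
        |> AuthenticationPlug.call(opts)

      assert %{user: @user} == conn.assigns
      assert get_session(conn, :user_id) == @user.id
      refute conn.halted
    end
  end

  describe "with an assigned user" do
    test "it does nothing, returning the incoming conn", %{conn: conn} do
      conn = assign(conn, :user, @user)

      # No fetcher and no header are supplied; an already-assigned user is
      # expected to pass through untouched.
      assert AuthenticationPlug.call(conn, %{}) == conn
    end
  end
end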