1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Plugs.UserIsAdminPlugTest do
6 use Pleroma.Web.ConnCase, async: true
8 alias Pleroma.Plugs.UserIsAdminPlug
11 describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
12 clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
13 Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
16 test "accepts a user that is an admin" do
17 user = insert(:user, is_admin: true)
19 conn = assign(build_conn(), :user, user)
21 ret_conn = UserIsAdminPlug.call(conn, %{})
23 assert conn == ret_conn
26 test "denies a user that isn't an admin" do
31 |> assign(:user, user)
32 |> UserIsAdminPlug.call(%{})
34 assert conn.status == 403
37 test "denies when a user isn't set" do
38 conn = UserIsAdminPlug.call(build_conn(), %{})
40 assert conn.status == 403
44 describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
45 clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
46 Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
50 admin_user = insert(:user, is_admin: true)
51 non_admin_user = insert(:user, is_admin: false)
54 {:ok, %{users: [admin_user, non_admin_user, blank_user]}}
57 test "if token has any of admin scopes, accepts a user that is an admin", %{conn: conn} do
58 user = insert(:user, is_admin: true)
59 token = insert(:oauth_token, user: user, scopes: ["admin:something"])
63 |> assign(:user, user)
64 |> assign(:token, token)
66 ret_conn = UserIsAdminPlug.call(conn, %{})
68 assert conn == ret_conn
71 test "if token has any of admin scopes, denies a user that isn't an admin", %{conn: conn} do
72 user = insert(:user, is_admin: false)
73 token = insert(:oauth_token, user: user, scopes: ["admin:something"])
77 |> assign(:user, user)
78 |> assign(:token, token)
79 |> UserIsAdminPlug.call(%{})
81 assert conn.status == 403
84 test "if token has any of admin scopes, denies when a user isn't set", %{conn: conn} do
85 token = insert(:oauth_token, scopes: ["admin:something"])
90 |> assign(:token, token)
91 |> UserIsAdminPlug.call(%{})
93 assert conn.status == 403
96 test "if token lacks admin scopes, denies users regardless of is_admin flag",
99 token = insert(:oauth_token, user: user)
103 |> assign(:user, user)
104 |> assign(:token, token)
105 |> UserIsAdminPlug.call(%{})
107 assert conn.status == 403
111 test "if token is missing, denies users regardless of is_admin flag", %{users: users} do
115 |> assign(:user, user)
116 |> assign(:token, nil)
117 |> UserIsAdminPlug.call(%{})
119 assert conn.status == 403