1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.MastodonAPI.AuthControllerTest do
6 use Pleroma.Web.ConnCase
10 alias Pleroma.Tests.ObanHelpers
12 import Pleroma.Factory
13 import Swoosh.TestAssertions
15 describe "GET /web/login" do
16 setup %{conn: conn} do
20 signing_salt: "cooldude"
25 |> Plug.Session.call(Plug.Session.init(session_opts))
28 test_path = "/web/statuses/test"
29 %{conn: conn, path: test_path}
32 test "redirects to the saved path after log in", %{conn: conn, path: path} do
33 app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".")
34 auth = insert(:oauth_authorization, app: app)
38 |> put_session(:return_to, path)
39 |> get("/web/login", %{code: auth.token})
41 assert conn.status == 302
42 assert redirected_to(conn) == path
45 test "redirects to the getting-started page when referer is not present", %{conn: conn} do
46 app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".")
47 auth = insert(:oauth_authorization, app: app)
49 conn = get(conn, "/web/login", %{code: auth.token})
51 assert conn.status == 302
52 assert redirected_to(conn) == "/web/getting-started"
56 describe "POST /auth/password, with valid parameters" do
57 setup %{conn: conn} do
59 conn = post(conn, "/auth/password?email=#{user.email}")
60 %{conn: conn, user: user}
63 test "it returns 204", %{conn: conn} do
64 assert json_response(conn, :no_content)
67 test "it creates a PasswordResetToken record for user", %{user: user} do
68 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
72 test "it sends an email to user", %{user: user} do
73 ObanHelpers.perform_all()
74 token_record = Repo.get_by(Pleroma.PasswordResetToken, user_id: user.id)
76 email = Pleroma.Emails.UserEmail.password_reset_email(user, token_record.token)
77 notify_email = Config.get([:instance, :notify_email])
78 instance_name = Config.get([:instance, :name])
81 from: {instance_name, notify_email},
82 to: {user.name, user.email},
83 html_body: email.html_body
88 describe "POST /auth/password, with invalid parameters" do
94 test "it returns 404 when user is not found", %{conn: conn, user: user} do
95 conn = post(conn, "/auth/password?email=nonexisting_#{user.email}")
96 assert conn.status == 404
97 assert conn.resp_body == ""
100 test "it returns 400 when user is not local", %{conn: conn, user: user} do
101 {:ok, user} = Repo.update(Ecto.Changeset.change(user, local: false))
102 conn = post(conn, "/auth/password?email=#{user.email}")
103 assert conn.status == 400
104 assert conn.resp_body == ""
108 describe "DELETE /auth/sign_out" do
109 test "redirect to root page", %{conn: conn} do
114 |> assign(:user, user)
115 |> delete("/auth/sign_out")
117 assert conn.status == 302
118 assert redirected_to(conn) == "/"