1 defmodule Pleroma.Web.OAuth.OAuthControllerTest do
2 use Pleroma.Web.ConnCase
6 alias Pleroma.Web.OAuth.{Authorization, Token}
4 test "redirects with oauth authorization" do
# Authorization-code flow, step 1: a user approves `app` at /oauth/authorize and
# the controller must redirect back to the app's registered redirect_uri, carrying
# a freshly minted code and the caller's `state` value unchanged.
# NOTE(review): the `conn`/`user` setup lines, the user's password entry and the
# closing `})` of this request are not shown in this excerpt; only the visible
# lines are annotated.
10 app = insert(:oauth_app)
14 |> post("/oauth/authorize", %{
16 "name" => user.nickname,
18 "client_id" => app.client_id,
19 "redirect_uri" => app.redirect_uris,
20 "state" => "statepassed"
24 target = redirected_to(conn)
# `=~` with a string on the right is a substring check: it proves the registered
# URI appears somewhere in `target`, not that `target` begins with it.
# NOTE(review): a redirect to a different origin that merely embeds the registered
# URI (e.g. in its path or query) would still pass; consider
# `assert String.starts_with?(target, app.redirect_uris)` — TODO confirm intent.
25 assert target =~ app.redirect_uris
# Decode the query string into a map so both parameters can be matched structurally.
27 query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
# `state` must round-trip untouched (it is the client's CSRF binding) and the
# returned `code` must correspond to a persisted Authorization row.
29 assert %{"state" => "statepassed", "code" => code} = query
30 assert Repo.get_by(Authorization, token: code)
33 test "issues a token for an all-body request" do
# Authorization-code flow, step 2: redeem a valid code for an access token with
# the client credentials sent in the form body (RFC 6749 §2.3.1 permits this).
# NOTE(review): the `user`/`conn` setup, the `"code" => …` form entry and the
# closing `})` are on lines not shown in this excerpt; presumably the code sent
# is `auth.token`, as the sibling test at "rejects token exchange" does — verify.
35 app = insert(:oauth_app)
# Mint the Authorization directly rather than driving /oauth/authorize, so this
# test isolates the token endpoint from the consent step.
37 {:ok, auth} = Authorization.create_authorization(app, user)
41 |> post("/oauth/token", %{
42 "grant_type" => "authorization_code",
44 "redirect_uri" => app.redirect_uris,
45 "client_id" => app.client_id,
46 "client_secret" => app.client_secret
# Success contract: HTTP 200 whose body carries an access_token that exists as a
# persisted Token row.
49 assert %{"access_token" => token} = json_response(conn, 200)
50 assert Repo.get_by(Token, token: token)
# Not covered in the visible tests: presenting the same code a second time, which
# RFC 6749 §4.1.2 says must be refused (codes are single-use).
53 test "issues a token for `password` grant_type with valid credentials" do
# Resource Owner Password Credentials grant (RFC 6749 §4.3): username and
# password go straight to /oauth/token alongside the client credentials.
54 password = "testpassword"
# Store a real Pbkdf2 hash so the controller's password verification runs the
# same code path as production rather than comparing against a stub.
55 user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
57 app = insert(:oauth_app)
# NOTE(review): the `conn` setup and the closing `})` are not shown in this excerpt.
61 |> post("/oauth/token", %{
62 "grant_type" => "password",
63 "username" => user.nickname,
64 "password" => password,
65 "client_id" => app.client_id,
66 "client_secret" => app.client_secret
# Success contract: 200 with a persisted access token.
69 assert %{"access_token" => token} = json_response(conn, 200)
70 assert Repo.get_by(Token, token: token)
# Not covered in the visible tests: the same grant with a wrong password, which
# must produce an error response that carries no `access_token`.
73 test "issues a token for request with HTTP basic auth client credentials" do
# Same code exchange as the all-body test, but the client authenticates with an
# `Authorization: Basic` header instead of body parameters (RFC 6749 §2.3.1).
75 app = insert(:oauth_app)
77 {:ok, auth} = Authorization.create_authorization(app, user)
# RFC 6749 §2.3.1 requires client_id and client_secret to be form-url-encoded
# before they are joined with ":" — that is what the encode_www_form calls do.
# NOTE(review): the `app_encoded =` binding and the (presumably Base64) wrapper
# around this expression are on lines not shown in this excerpt.
80 (URI.encode_www_form(app.client_id) <> ":" <> URI.encode_www_form(app.client_secret))
85 |> put_req_header("authorization", "Basic " <> app_encoded)
86 |> post("/oauth/token", %{
87 "grant_type" => "authorization_code",
89 "redirect_uri" => app.redirect_uris
# NOTE(review): the `"code" => …` entry and the closing `})` are not shown here.
# Success contract: 200 with a persisted access token.
92 assert %{"access_token" => token} = json_response(conn, 200)
93 assert Repo.get_by(Token, token: token)
96 test "rejects token exchange with invalid client credentials" do
# Negative case: a well-formed Basic header whose credentials match no registered
# app must not be able to redeem an otherwise valid authorization code.
98 app = insert(:oauth_app)
100 {:ok, auth} = Authorization.create_authorization(app, user)
# Fixed credential value: it decodes to the form-encoded pair `%21:%F0%9F%A4%B7`
# followed by a newline, so it also pushes percent-encoded / non-ASCII input
# through the header-decoding path.
# NOTE(review): the `conn` setup and the closing `})` are not shown in this excerpt.
104 |> put_req_header("authorization", "Basic JTIxOiVGMCU5RiVBNCVCNwo=")
105 |> post("/oauth/token", %{
106 "grant_type" => "authorization_code",
107 "code" => auth.token,
108 "redirect_uri" => app.redirect_uris
# Contract pinned here: 400 plus an `error` key. NOTE(review): RFC 6749 §5.2
# requires a 401 with a WWW-Authenticate header when the client attempted header
# authentication; confirm whether the controller intends to diverge from that.
111 assert resp = json_response(conn, 400)
112 assert %{"error" => _} = resp
# Guards against an implementation that reports an error yet still leaks a token.
113 refute Map.has_key?(resp, "access_token")
# Not covered in the visible tests: the correct client_id paired with a wrong
# client_secret.
116 test "rejects token exchange for valid credentials belonging to unconfirmed user" do
# Account-confirmation gate: a correct password and correct client credentials
# must still be refused while the account is flagged unconfirmed.
117 password = "testpassword"
118 user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
# Changeset for the embedded `info` that flips the account to :unconfirmed.
119 info_change = Pleroma.User.Info.confirmation_change(user.info, :unconfirmed)
# NOTE(review): the `user =` rebinding at the head of this pipeline, the Repo
# update that persists it, the `conn` setup and the closing `})` are on lines not
# shown in this excerpt.
123 |> Ecto.Changeset.change()
124 |> Ecto.Changeset.put_embed(:info, info_change)
# Sanity check on the fixture itself: if the account were still active the 403
# asserted below would be testing nothing.
127 refute Pleroma.User.auth_active?(user)
129 app = insert(:oauth_app)
133 |> post("/oauth/token", %{
134 "grant_type" => "password",
135 "username" => user.nickname,
136 "password" => password,
137 "client_id" => app.client_id,
138 "client_secret" => app.client_secret
# 403 (rather than the 400 used for bad credentials elsewhere in this file)
# distinguishes "valid credentials, account not yet usable". NOTE(review): that
# distinction is only safe because the caller already proved the password;
# confirm a wrong password on an unconfirmed account does not also yield 403.
141 assert resp = json_response(conn, 403)
142 assert %{"error" => _} = resp
# No token may be issued on this path either.
143 refute Map.has_key?(resp, "access_token")
146 test "rejects an invalid authorization code" do
# Negative case: correct client credentials but a code that was never issued.
147 app = insert(:oauth_app)
# NOTE(review): the `conn` setup and the closing `})` are not shown in this excerpt.
151 |> post("/oauth/token", %{
152 "grant_type" => "authorization_code",
# Constructed value with no matching Authorization row.
153 "code" => "Imobviouslyinvalid",
154 "redirect_uri" => app.redirect_uris,
155 "client_id" => app.client_id,
156 "client_secret" => app.client_secret
159 assert resp = json_response(conn, 400)
# Style: this line re-parses the response instead of matching on `resp` as the
# sibling tests do; `assert %{"error" => _} = resp` would be consistent.
160 assert %{"error" => _} = json_response(conn, 400)
# Guards against an implementation that reports an error yet still leaks a token.
161 refute Map.has_key?(resp, "access_token")
# Not covered in the visible tests: a genuine code presented together with a
# redirect_uri that differs from the one registered for `app`.