1 defmodule Pleroma.Web.OAuth.OAuthControllerTest do
2 use Pleroma.Web.ConnCase
6 alias Pleroma.Web.OAuth.{Authorization, Token}
8 test "redirects with oauth authorization" do
10 app = insert(:oauth_app)
14 |> post("/oauth/authorize", %{
16 "name" => user.nickname,
18 "client_id" => app.client_id,
19 "redirect_uri" => app.redirect_uris,
20 "state" => "statepassed"
24 target = redirected_to(conn)
25 assert target =~ app.redirect_uris
27 query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
29 assert %{"state" => "statepassed", "code" => code} = query
30 assert Repo.get_by(Authorization, token: code)
33 test "issues a token for an all-body request" do
35 app = insert(:oauth_app)
37 {:ok, auth} = Authorization.create_authorization(app, user)
41 |> post("/oauth/token", %{
42 "grant_type" => "authorization_code",
44 "redirect_uri" => app.redirect_uris,
45 "client_id" => app.client_id,
46 "client_secret" => app.client_secret
49 assert %{"access_token" => token} = json_response(conn, 200)
50 assert Repo.get_by(Token, token: token)
53 test "issues a token for request with HTTP basic auth client credentials" do
55 app = insert(:oauth_app)
57 {:ok, auth} = Authorization.create_authorization(app, user)
60 (URI.encode_www_form(app.client_id) <> ":" <> URI.encode_www_form(app.client_secret))
65 |> put_req_header("authorization", "Basic " <> app_encoded)
66 |> post("/oauth/token", %{
67 "grant_type" => "authorization_code",
69 "redirect_uri" => app.redirect_uris
72 assert %{"access_token" => token} = json_response(conn, 200)
73 assert Repo.get_by(Token, token: token)
76 test "rejects token exchange with invalid client credentials" do
78 app = insert(:oauth_app)
80 {:ok, auth} = Authorization.create_authorization(app, user)
84 |> put_req_header("authorization", "Basic JTIxOiVGMCU5RiVBNCVCNwo=")
85 |> post("/oauth/token", %{
86 "grant_type" => "authorization_code",
88 "redirect_uri" => app.redirect_uris
91 assert resp = json_response(conn, 400)
92 assert %{"error" => _} = resp
93 refute Map.has_key?(resp, "access_token")
96 test "rejects an invalid authorization code" do
97 app = insert(:oauth_app)
101 |> post("/oauth/token", %{
102 "grant_type" => "authorization_code",
103 "code" => "Imobviouslyinvalid",
104 "redirect_uri" => app.redirect_uris,
105 "client_id" => app.client_id,
106 "client_secret" => app.client_secret
109 assert resp = json_response(conn, 400)
110 assert %{"error" => _} = json_response(conn, 400)
111 refute Map.has_key?(resp, "access_token")