projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
[#468] Merged `upstream/develop`, resolved conflicts.
[akkoma] / test / web / oauth / oauth_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.OAuth.OAuthControllerTest do
6 use Pleroma.Web.ConnCase
7 import Pleroma.Factory
8
9 alias Pleroma.Repo
10 alias Pleroma.Web.OAuth.Authorization
11 alias Pleroma.Web.OAuth.Token
12
13 test "redirects with oauth authorization" do
14 user = insert(:user)
15 app = insert(:oauth_app)
16
17 conn =
18 build_conn()
19 |> post("/oauth/authorize", %{
20 "authorization" => %{
21 "name" => user.nickname,
22 "password" => "test",
23 "client_id" => app.client_id,
24 "redirect_uri" => app.redirect_uris,
25 "scope" => Enum.join(app.scopes, " "),
26 "state" => "statepassed"
27 }
28 })
29
30 target = redirected_to(conn)
31 assert target =~ app.redirect_uris
32
33 query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
34
35 assert %{"state" => "statepassed", "code" => code} = query
36 assert Repo.get_by(Authorization, token: code)
37 end
38
39 test "correctly handles wrong credentials", %{conn: conn} do
40 user = insert(:user)
41 app = insert(:oauth_app)
42
43 result =
44 conn
45 |> post("/oauth/authorize", %{
46 "authorization" => %{
47 "name" => user.nickname,
48 "password" => "wrong",
49 "client_id" => app.client_id,
50 "redirect_uri" => app.redirect_uris,
51 "state" => "statepassed"
52 }
53 })
54 |> html_response(:unauthorized)
55
56 # Keep the details
57 assert result =~ app.client_id
58 assert result =~ app.redirect_uris
59
60 # Error message
61 assert result =~ "Invalid"
62 end
63
64 test "issues a token for an all-body request" do
65 user = insert(:user)
66 app = insert(:oauth_app)
67
68 {:ok, auth} = Authorization.create_authorization(app, user)
69
70 conn =
71 build_conn()
72 |> post("/oauth/token", %{
73 "grant_type" => "authorization_code",
74 "code" => auth.token,
75 "redirect_uri" => app.redirect_uris,
76 "client_id" => app.client_id,
77 "client_secret" => app.client_secret
78 })
79
80 assert %{"access_token" => token} = json_response(conn, 200)
81 assert Repo.get_by(Token, token: token)
82 end
83
84 test "issues a token for `password` grant_type with valid credentials" do
85 password = "testpassword"
86 user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
87
88 app = insert(:oauth_app)
89
90 conn =
91 build_conn()
92 |> post("/oauth/token", %{
93 "grant_type" => "password",
94 "username" => user.nickname,
95 "password" => password,
96 "client_id" => app.client_id,
97 "client_secret" => app.client_secret
98 })
99
100 assert %{"access_token" => token} = json_response(conn, 200)
101 assert Repo.get_by(Token, token: token)
102 end
103
104 test "issues a token for request with HTTP basic auth client credentials" do
105 user = insert(:user)
106 app = insert(:oauth_app)
107
108 {:ok, auth} = Authorization.create_authorization(app, user)
109
110 app_encoded =
111 (URI.encode_www_form(app.client_id) <> ":" <> URI.encode_www_form(app.client_secret))
112 |> Base.encode64()
113
114 conn =
115 build_conn()
116 |> put_req_header("authorization", "Basic " <> app_encoded)
117 |> post("/oauth/token", %{
118 "grant_type" => "authorization_code",
119 "code" => auth.token,
120 "redirect_uri" => app.redirect_uris
121 })
122
123 assert %{"access_token" => token} = json_response(conn, 200)
124 assert Repo.get_by(Token, token: token)
125 end
126
127 test "rejects token exchange with invalid client credentials" do
128 user = insert(:user)
129 app = insert(:oauth_app)
130
131 {:ok, auth} = Authorization.create_authorization(app, user)
132
133 conn =
134 build_conn()
135 |> put_req_header("authorization", "Basic JTIxOiVGMCU5RiVBNCVCNwo=")
136 |> post("/oauth/token", %{
137 "grant_type" => "authorization_code",
138 "code" => auth.token,
139 "redirect_uri" => app.redirect_uris
140 })
141
142 assert resp = json_response(conn, 400)
143 assert %{"error" => _} = resp
144 refute Map.has_key?(resp, "access_token")
145 end
146
147 test "rejects token exchange for valid credentials belonging to unconfirmed user and confirmation is required" do
148 setting = Pleroma.Config.get([:instance, :account_activation_required])
149
150 unless setting do
151 Pleroma.Config.put([:instance, :account_activation_required], true)
152 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
153 end
154
155 password = "testpassword"
156 user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
157 info_change = Pleroma.User.Info.confirmation_changeset(user.info, :unconfirmed)
158
159 {:ok, user} =
160 user
161 |> Ecto.Changeset.change()
162 |> Ecto.Changeset.put_embed(:info, info_change)
163 |> Repo.update()
164
165 refute Pleroma.User.auth_active?(user)
166
167 app = insert(:oauth_app)
168
169 conn =
170 build_conn()
171 |> post("/oauth/token", %{
172 "grant_type" => "password",
173 "username" => user.nickname,
174 "password" => password,
175 "client_id" => app.client_id,
176 "client_secret" => app.client_secret
177 })
178
179 assert resp = json_response(conn, 403)
180 assert %{"error" => _} = resp
181 refute Map.has_key?(resp, "access_token")
182 end
183
184 test "rejects an invalid authorization code" do
185 app = insert(:oauth_app)
186
187 conn =
188 build_conn()
189 |> post("/oauth/token", %{
190 "grant_type" => "authorization_code",
191 "code" => "Imobviouslyinvalid",
192 "redirect_uri" => app.redirect_uris,
193 "client_id" => app.client_id,
194 "client_secret" => app.client_secret
195 })
196
197 assert resp = json_response(conn, 400)
198 assert %{"error" => _} = json_response(conn, 400)
199 refute Map.has_key?(resp, "access_token")
200 end
201 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git