projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
test: de-group alias/es
[akkoma] / test / web / oauth / oauth_controller_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Web.OAuth.OAuthControllerTest do
6 use Pleroma.Web.ConnCase
7 import Pleroma.Factory
8
9 alias Pleroma.Repo
10 alias Pleroma.Web.OAuth.Authorization
11 alias Pleroma.Web.OAuth.Token
12
13 test "redirects with oauth authorization" do
14 user = insert(:user)
15 app = insert(:oauth_app)
16
17 conn =
18 build_conn()
19 |> post("/oauth/authorize", %{
20 "authorization" => %{
21 "name" => user.nickname,
22 "password" => "test",
23 "client_id" => app.client_id,
24 "redirect_uri" => app.redirect_uris,
25 "state" => "statepassed"
26 }
27 })
28
29 target = redirected_to(conn)
30 assert target =~ app.redirect_uris
31
32 query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
33
34 assert %{"state" => "statepassed", "code" => code} = query
35 assert Repo.get_by(Authorization, token: code)
36 end
37
38 test "correctly handles wrong credentials", %{conn: conn} do
39 user = insert(:user)
40 app = insert(:oauth_app)
41
42 result =
43 conn
44 |> post("/oauth/authorize", %{
45 "authorization" => %{
46 "name" => user.nickname,
47 "password" => "wrong",
48 "client_id" => app.client_id,
49 "redirect_uri" => app.redirect_uris,
50 "state" => "statepassed"
51 }
52 })
53 |> html_response(:unauthorized)
54
55 # Keep the details
56 assert result =~ app.client_id
57 assert result =~ app.redirect_uris
58
59 # Error message
60 assert result =~ "Invalid"
61 end
62
63 test "issues a token for an all-body request" do
64 user = insert(:user)
65 app = insert(:oauth_app)
66
67 {:ok, auth} = Authorization.create_authorization(app, user)
68
69 conn =
70 build_conn()
71 |> post("/oauth/token", %{
72 "grant_type" => "authorization_code",
73 "code" => auth.token,
74 "redirect_uri" => app.redirect_uris,
75 "client_id" => app.client_id,
76 "client_secret" => app.client_secret
77 })
78
79 assert %{"access_token" => token} = json_response(conn, 200)
80 assert Repo.get_by(Token, token: token)
81 end
82
83 test "issues a token for `password` grant_type with valid credentials" do
84 password = "testpassword"
85 user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
86
87 app = insert(:oauth_app)
88
89 conn =
90 build_conn()
91 |> post("/oauth/token", %{
92 "grant_type" => "password",
93 "username" => user.nickname,
94 "password" => password,
95 "client_id" => app.client_id,
96 "client_secret" => app.client_secret
97 })
98
99 assert %{"access_token" => token} = json_response(conn, 200)
100 assert Repo.get_by(Token, token: token)
101 end
102
103 test "issues a token for request with HTTP basic auth client credentials" do
104 user = insert(:user)
105 app = insert(:oauth_app)
106
107 {:ok, auth} = Authorization.create_authorization(app, user)
108
109 app_encoded =
110 (URI.encode_www_form(app.client_id) <> ":" <> URI.encode_www_form(app.client_secret))
111 |> Base.encode64()
112
113 conn =
114 build_conn()
115 |> put_req_header("authorization", "Basic " <> app_encoded)
116 |> post("/oauth/token", %{
117 "grant_type" => "authorization_code",
118 "code" => auth.token,
119 "redirect_uri" => app.redirect_uris
120 })
121
122 assert %{"access_token" => token} = json_response(conn, 200)
123 assert Repo.get_by(Token, token: token)
124 end
125
126 test "rejects token exchange with invalid client credentials" do
127 user = insert(:user)
128 app = insert(:oauth_app)
129
130 {:ok, auth} = Authorization.create_authorization(app, user)
131
132 conn =
133 build_conn()
134 |> put_req_header("authorization", "Basic JTIxOiVGMCU5RiVBNCVCNwo=")
135 |> post("/oauth/token", %{
136 "grant_type" => "authorization_code",
137 "code" => auth.token,
138 "redirect_uri" => app.redirect_uris
139 })
140
141 assert resp = json_response(conn, 400)
142 assert %{"error" => _} = resp
143 refute Map.has_key?(resp, "access_token")
144 end
145
146 test "rejects token exchange for valid credentials belonging to unconfirmed user and confirmation is required" do
147 setting = Pleroma.Config.get([:instance, :account_activation_required])
148
149 unless setting do
150 Pleroma.Config.put([:instance, :account_activation_required], true)
151 on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
152 end
153
154 password = "testpassword"
155 user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
156 info_change = Pleroma.User.Info.confirmation_changeset(user.info, :unconfirmed)
157
158 {:ok, user} =
159 user
160 |> Ecto.Changeset.change()
161 |> Ecto.Changeset.put_embed(:info, info_change)
162 |> Repo.update()
163
164 refute Pleroma.User.auth_active?(user)
165
166 app = insert(:oauth_app)
167
168 conn =
169 build_conn()
170 |> post("/oauth/token", %{
171 "grant_type" => "password",
172 "username" => user.nickname,
173 "password" => password,
174 "client_id" => app.client_id,
175 "client_secret" => app.client_secret
176 })
177
178 assert resp = json_response(conn, 403)
179 assert %{"error" => _} = resp
180 refute Map.has_key?(resp, "access_token")
181 end
182
183 test "rejects an invalid authorization code" do
184 app = insert(:oauth_app)
185
186 conn =
187 build_conn()
188 |> post("/oauth/token", %{
189 "grant_type" => "authorization_code",
190 "code" => "Imobviouslyinvalid",
191 "redirect_uri" => app.redirect_uris,
192 "client_id" => app.client_id,
193 "client_secret" => app.client_secret
194 })
195
196 assert resp = json_response(conn, 400)
197 assert %{"error" => _} = json_response(conn, 400)
198 refute Map.has_key?(resp, "access_token")
199 end
200 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git