1 defmodule Pleroma.Web.PleromaAPI.TwoFactorAuthenticationControllerTest do
2 use Pleroma.Web.ConnCase
5 alias Pleroma.MFA.Settings
8 describe "GET /api/pleroma/accounts/mfa/settings" do
# A token carrying the bare `read` scope is enough to view MFA settings, while a
# `write`-only token is refused with 403 for the finer `read:security` scope:
# write privileges do not imply read here. Neither token is bound to an explicit
# user (presumably each gets a factory-created one), so the 200 case exercises
# an account on which MFA was never configured.
9 test "returns user mfa settings for new user", %{conn: conn} do
10 token = insert(:oauth_token, scopes: ["read", "follow"])
11 token2 = insert(:oauth_token, scopes: ["write"])
# Read path: a fresh account reports MFA disabled and no TOTP factor.
14 |> put_req_header("authorization", "Bearer #{token.token}")
15 |> get("/api/pleroma/accounts/mfa")
16 |> json_response(:ok) == %{
17 "settings" => %{"enabled" => false, "totp" => false}
# Scope check: `write` alone must not grant `read:security`. The error names
# the missing scope exactly, so the whole response body is pinned with `==`.
21 |> put_req_header("authorization", "Bearer #{token2.token}")
22 |> get("/api/pleroma/accounts/mfa")
23 |> json_response(403) == %{
24 "error" => "Insufficient permissions: read:security."
# With a confirmed TOTP factor on the account, the settings view reports both
# `enabled` and `totp` as true. Comparing the whole response with `==` also
# pins that only booleans are exposed: the stored secret ("XXX") and the
# delivery type never appear in the payload.
28 test "returns user mfa settings with enabled totp", %{conn: conn} do
31 multi_factor_authentication_settings: %Settings{
33 totp: %Settings.TOTP{secret: "XXX", delivery_type: "app", confirmed: true}
# Bound to the fixture user so the token reads *this* account's settings.
37 token = insert(:oauth_token, scopes: ["read", "follow"], user: user)
40 |> put_req_header("authorization", "Bearer #{token.token}")
41 |> get("/api/pleroma/accounts/mfa")
42 |> json_response(:ok) == %{
43 "settings" => %{"enabled" => true, "totp" => true}
48 describe "GET /api/pleroma/accounts/mfa/backup_codes" do
# Backup codes are *rotated* on read: this GET is state-changing. A call
# replaces the stored codes and returns the fresh set, which is why it is gated
# on `write:security` rather than `read:security` below and why a plain `read`
# token gets 403. Bearer-token auth means CSRF is not a concern for the
# side-effecting GET, but clients must treat a read as invalidating any codes
# the user previously saved.
49 test "returns backup codes", %{conn: conn} do
52 multi_factor_authentication_settings: %Settings{
53 backup_codes: ["1", "2", "3"],
54 totp: %Settings.TOTP{secret: "secret"}
58 token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
59 token2 = insert(:oauth_token, scopes: ["read"])
63 |> put_req_header("authorization", "Bearer #{token.token}")
64 |> get("/api/pleroma/accounts/mfa/backup_codes")
# Exactly two codes of exactly 6 bytes each; only count and length are
# pinned, the values are random.
67 assert [<<_::bytes-size(6)>>, <<_::bytes-size(6)>>] = response["codes"]
68 user = refresh_record(user)
69 mfa_settings = user.multi_factor_authentication_settings
# Rotating backup codes must not disturb the TOTP secret ...
70 assert mfa_settings.totp.secret == "secret"
# ... but must replace the old codes with a non-empty new set. The returned
# plaintext is deliberately not compared with the stored value — presumably
# the store holds hashes, which cannot be confirmed from this file.
71 refute mfa_settings.backup_codes == ["1", "2", "3"]
72 refute mfa_settings.backup_codes == []
# A read-only token may not trigger the rotation.
75 |> put_req_header("authorization", "Bearer #{token2.token}")
76 |> get("/api/pleroma/accounts/mfa/backup_codes")
77 |> json_response(403) == %{
78 "error" => "Insufficient permissions: write:security."
83 describe "GET /api/pleroma/accounts/mfa/setup/totp" do
# An unknown setup method is rejected with a fixed error body. Pinning the
# exact map also checks that the caller-controlled path segment ("torf") is
# not echoed back in the response.
84 test "return errors when method is invalid", %{conn: conn} do
86 token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
90 |> put_req_header("authorization", "Bearer #{token.token}")
91 |> get("/api/pleroma/accounts/mfa/setup/torf")
94 assert response == %{"error" => "undefined method"}
# Setup provisions a new TOTP secret but does not turn MFA on: the account
# stays disabled until the confirm step, and the user's existing backup codes
# are untouched. The secret reaches the caller through the provisioning URI
# (and the `key` field the test name refers to) because the authenticator app
# needs it, which is why this read-looking GET demands `write:security` and a
# `read` token is refused.
97 test "returns key and provisioning_uri", %{conn: conn} do
100 multi_factor_authentication_settings: %Settings{backup_codes: ["1", "2", "3"]}
103 token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
104 token2 = insert(:oauth_token, scopes: ["read"])
108 |> put_req_header("authorization", "Bearer #{token.token}")
109 |> get("/api/pleroma/accounts/mfa/setup/totp")
110 |> json_response(:ok)
# Read the freshly persisted secret back so the expected URI is built from
# what was actually stored rather than from a value guessed in the test.
112 user = refresh_record(user)
113 mfa_settings = user.multi_factor_authentication_settings
114 secret = mfa_settings.totp.secret
# Must remain disabled until confirmed with a valid code and the password.
115 refute mfa_settings.enabled
116 assert mfa_settings.backup_codes == ["1", "2", "3"]
# The provisioning URI labels the account with the user's email address.
118 assert response == %{
120 "provisioning_uri" => TOTP.provisioning_uri(secret, "#{user.email}")
124 |> put_req_header("authorization", "Bearer #{token2.token}")
125 |> get("/api/pleroma/accounts/mfa/setup/totp")
126 |> json_response(403) == %{
127 "error" => "Insufficient permissions: write:security."
132 describe "GET /api/pleroma/accounts/mfa/confirm/totp" do
# Happy path of the confirm step: a valid current TOTP code plus the account
# password (presumably the factory user's default, "test") turns MFA on, marks
# the factor confirmed, keeps the same secret, and leaves the pre-existing
# backup codes alone. A `read` token cannot confirm (403).
133 test "returns success result", %{conn: conn} do
# The code is computed before the request is made; if a TOTP time step rolls
# over in between, whether it still verifies depends on the verifier's
# tolerance window, which is not visible from this file.
134 secret = TOTP.generate_secret()
135 code = TOTP.generate_token(secret)
139 multi_factor_authentication_settings: %Settings{
140 backup_codes: ["1", "2", "3"],
141 totp: %Settings.TOTP{secret: secret}
145 token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
146 token2 = insert(:oauth_token, scopes: ["read"])
149 |> put_req_header("authorization", "Bearer #{token.token}")
150 |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: code})
151 |> json_response(:ok)
# Re-read from the store: enabled, confirmed, same secret, codes untouched.
153 settings = refresh_record(user).multi_factor_authentication_settings
154 assert settings.enabled
155 assert settings.totp.secret == secret
156 assert settings.totp.confirmed
157 assert settings.backup_codes == ["1", "2", "3"]
160 |> put_req_header("authorization", "Bearer #{token2.token}")
161 |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: code})
162 |> json_response(403) == %{
163 "error" => "Insufficient permissions: write:security."
# Confirm is a step-up action: even with a valid TOTP code, a wrong password
# ("xxx") must be refused with 422 and leave the MFA state unchanged. Holding
# a `write:security` token is therefore not enough on its own to enable MFA.
#
# NOTE(review): the body here ("Invalid password.") differs from the wrong-code
# body ("invalid_token") used by the neighbouring test. A token holder can thus
# tell whether a password guess was right, which makes this endpoint usable as
# a password oracle unless it is rate-limited; whether it is cannot be seen
# from this file.
167 test "returns error if password incorrect", %{conn: conn} do
168 secret = TOTP.generate_secret()
169 code = TOTP.generate_token(secret)
173 multi_factor_authentication_settings: %Settings{
174 backup_codes: ["1", "2", "3"],
175 totp: %Settings.TOTP{secret: secret}
179 token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
183 |> put_req_header("authorization", "Bearer #{token.token}")
184 |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "xxx", code: code})
185 |> json_response(422)
# Nothing may be persisted on failure: still disabled, unconfirmed, and the
# original backup codes intact.
187 settings = refresh_record(user).multi_factor_authentication_settings
188 refute settings.enabled
189 refute settings.totp.confirmed
190 assert settings.backup_codes == ["1", "2", "3"]
191 assert response == %{"error" => "Invalid password."}
# Mirror of the wrong-password case: the correct password with an invalid
# code ("code") is rejected with 422 and nothing is enabled or confirmed. Only
# a clearly malformed code is covered; a well-formed but stale or reused code
# is not exercised here. The error body, "invalid_token", also uses a
# different wording style from the "Invalid password." body, and the two
# being distinguishable lets a token holder learn whether the password part
# of a guess was correct.
194 test "returns error if code incorrect", %{conn: conn} do
195 secret = TOTP.generate_secret()
199 multi_factor_authentication_settings: %Settings{
200 backup_codes: ["1", "2", "3"],
201 totp: %Settings.TOTP{secret: secret}
205 token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
206 token2 = insert(:oauth_token, scopes: ["read"])
210 |> put_req_header("authorization", "Bearer #{token.token}")
211 |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: "code"})
212 |> json_response(422)
# Nothing may be persisted on failure.
214 settings = refresh_record(user).multi_factor_authentication_settings
215 refute settings.enabled
216 refute settings.totp.confirmed
217 assert settings.backup_codes == ["1", "2", "3"]
218 assert response == %{"error" => "invalid_token"}
# Scope check: a `read` token gets 403 regardless of the payload.
221 |> put_req_header("authorization", "Bearer #{token2.token}")
222 |> post("/api/pleroma/accounts/mfa/confirm/totp", %{password: "test", code: "code"})
223 |> json_response(403) == %{
224 "error" => "Insufficient permissions: write:security."
229 describe "DELETE /api/pleroma/accounts/mfa/totp" do
# Disabling TOTP: the request carries the account password and needs
# `write:security`. On success the secret is actually cleared (not merely
# flagged off) and the factor is unconfirmed, so re-enabling has to go through
# setup again. A `read` token gets 403.
#
# NOTE(review): only the positive path is covered; there is no case for DELETE
# with a wrong password, so the step-up check on disable is not pinned by
# tests the way it is for confirm. What happens to the fixture's backup codes
# after disabling is not asserted either.
230 test "returns success result", %{conn: conn} do
233 multi_factor_authentication_settings: %Settings{
234 backup_codes: ["1", "2", "3"],
235 totp: %Settings.TOTP{secret: "secret"}
239 token = insert(:oauth_token, scopes: ["write", "follow"], user: user)
240 token2 = insert(:oauth_token, scopes: ["read"])
243 |> put_req_header("authorization", "Bearer #{token.token}")
244 |> delete("/api/pleroma/accounts/mfa/totp", %{password: "test"})
245 |> json_response(:ok)
# Re-read from the store: disabled, secret gone, factor unconfirmed.
247 settings = refresh_record(user).multi_factor_authentication_settings
248 refute settings.enabled
249 assert settings.totp.secret == nil
250 refute settings.totp.confirmed
253 |> put_req_header("authorization", "Bearer #{token2.token}")
254 |> delete("/api/pleroma/accounts/mfa/totp", %{password: "test"})
255 |> json_response(403) == %{
256 "error" => "Insufficient permissions: write:security."