1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Plugs.UserIsAdminPlugTest do
6 use Pleroma.Web.ConnCase, async: true
8 alias Pleroma.Plugs.UserIsAdminPlug
# First half of the suite: the scope-enforcement setting is off, so only the `is_admin`
# flag on the assigned :user decides the outcome (no OAuth token is involved here).
11 describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
# clear_config/2 pins the setting to false for every test in this describe;
# presumably restored on exit by the test helper — confirm.
12 setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], false)
test "accepts a user that is an admin" do
  # With scope enforcement off, an admin user must pass straight through.
  # Comparing the result against the input conn also rules out a halted
  # conn or a modified status.
  admin = insert(:user, is_admin: true)

  conn =
    build_conn()
    |> assign(:user, admin)

  assert conn == UserIsAdminPlug.call(conn, %{})
end
24 test "denies a user that isn't an admin" do
# NOTE(review): this listing omits the line binding `user` (presumably a non-admin user),
# the `conn =` / `build_conn()` head of the pipe, and the closing `end`; verify against
# the source file.
29 |> assign(:user, user)
30 |> UserIsAdminPlug.call(%{})
# Only the status is checked; consider also `assert conn.halted` so the test proves the
# plug stops the pipeline rather than merely setting a status.
32 assert conn.status == 403
test "denies when a user isn't set" do
  # No :user assign at all: the plug must answer 403 rather than crash on nil.
  # NOTE(review): consider also asserting `denied.halted` here.
  denied = UserIsAdminPlug.call(build_conn(), %{})

  assert denied.status == 403
end
# Second half of the suite: with the setting on, `is_admin` alone is not enough — the
# request must also carry an OAuth token holding an admin scope (see the test names below).
42 describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
# clear_config/2 pins the setting to true for every test in this describe;
# presumably restored on exit by the test helper — confirm.
43 setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], true)
# Fragment of a second `setup` (its head and the `blank_user` binding are not shown in
# this listing); builds the user fixtures consumed by the tests that take `%{users: users}`.
46 admin_user = insert(:user, is_admin: true)
47 non_admin_user = insert(:user, is_admin: false)
50 {:ok, %{users: [admin_user, non_admin_user, blank_user]}}
53 test "if token has any of admin scopes, accepts a user that is an admin", %{conn: conn} do
54 user = insert(:user, is_admin: true)
# "admin:something" is a scope under the admin: prefix — presumably matched by prefix in
# the plug, confirm. The token is issued to the same user that is assigned below.
# NOTE(review): no test covers a token issued to a user other than the assigned :user;
# worth adding so the scope check is shown to be tied to the assigned user.
55 token = insert(:oauth_token, user: user, scopes: ["admin:something"])
# NOTE(review): the `conn =` head of this pipe is not shown in the listing.
59 |> assign(:user, user)
60 |> assign(:token, token)
62 ret_conn = UserIsAdminPlug.call(conn, %{})
# Pass-through on success: the returned conn must equal the input, which also means it
# is not halted and carries no error status.
64 assert conn == ret_conn
67 test "if token has any of admin scopes, denies a user that isn't an admin", %{conn: conn} do
68 user = insert(:user, is_admin: false)
# An admin-scoped token must not substitute for the is_admin flag: both are required.
69 token = insert(:oauth_token, user: user, scopes: ["admin:something"])
# NOTE(review): the `conn =` head of this pipe is not shown in the listing.
73 |> assign(:user, user)
74 |> assign(:token, token)
75 |> UserIsAdminPlug.call(%{})
# Consider also `assert conn.halted` alongside the status check.
77 assert conn.status == 403
80 test "if token has any of admin scopes, denies when a user isn't set", %{conn: conn} do
# Token created without an explicit user; per the test name no :user is assigned on the
# conn (the intervening pipe lines are not shown in this listing).
81 token = insert(:oauth_token, scopes: ["admin:something"])
86 |> assign(:token, token)
87 |> UserIsAdminPlug.call(%{})
89 assert conn.status == 403
92 test "if token lacks admin scopes, denies users regardless of is_admin flag",
# NOTE(review): the test head continues on lines not shown (context pattern and `do`), and
# `user` is bound there or in an omitted loop over the `users` fixture — confirm.
# Per the test name the token carries no admin: scope, so even the admin fixture is rejected.
95 token = insert(:oauth_token, user: user)
99 |> assign(:user, user)
100 |> assign(:token, token)
101 |> UserIsAdminPlug.call(%{})
103 assert conn.status == 403
107 test "if token is missing, denies users regardless of is_admin flag", %{users: users} do
# NOTE(review): the loop over `users` binding `user` and the `conn =` head are not shown.
# Assigning :token explicitly to nil covers the "key present but empty" shape; an entirely
# absent :token assign is exercised by the first describe.
111 |> assign(:user, user)
112 |> assign(:token, nil)
113 |> UserIsAdminPlug.call(%{})
115 assert conn.status == 403