Merge branch 'chore/fast_sanitize_bump' into 'develop'

[akkoma] / test / plugs / oauth_scopes_plug_test.exs

diff --git a/test/plugs/oauth_scopes_plug_test.exs b/test/plugs/oauth_scopes_plug_test.exs
index 3b895a6e4900f735f5fee301affc248a6ceb3416..89f32f43a9191fcd146a8cbccce498a5c71665b8 100644 (file)
--- a/test/plugs/oauth_scopes_plug_test.exs
+++ b/test/plugs/oauth_scopes_plug_test.exs
@@ -1,12 +1,12 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 
 defmodule Pleroma.Plugs.OAuthScopesPlugTest do
   use Pleroma.Web.ConnCase, async: true
 
-  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Plugs.EnsurePublicOrAuthenticatedPlug
+  alias Pleroma.Plugs.OAuthScopesPlug
   alias Pleroma.Repo
 
   import Mock
@@ -224,4 +224,42 @@ defmodule Pleroma.Plugs.OAuthScopesPlugTest do
       assert f.(["admin:read"], ["write", "admin"]) == ["admin:read"]
     end
   end
+
+  describe "transform_scopes/2" do
+    clear_config([:auth, :enforce_oauth_admin_scope_usage])
+
+    setup do
+      {:ok, %{f: &OAuthScopesPlug.transform_scopes/2}}
+    end
+
+    test "with :admin option, prefixes all requested scopes with `admin:` " <>
+           "and [optionally] keeps only prefixed scopes, " <>
+           "depending on `[:auth, :enforce_oauth_admin_scope_usage]` setting",
+         %{f: f} do
+      Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
+
+      assert f.(["read"], %{admin: true}) == ["admin:read", "read"]
+
+      assert f.(["read", "write"], %{admin: true}) == [
+               "admin:read",
+               "read",
+               "admin:write",
+               "write"
+             ]
+
+      Pleroma.Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
+
+      assert f.(["read:accounts"], %{admin: true}) == ["admin:read:accounts"]
+
+      assert f.(["read", "write:reports"], %{admin: true}) == [
+               "admin:read",
+               "admin:write:reports"
+             ]
+    end
+
+    test "with no supported options, returns unmodified scopes", %{f: f} do
+      assert f.(["read"], %{}) == ["read"]
+      assert f.(["read", "write"], %{}) == ["read", "write"]
+    end
+  end
 end