X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=test%2Fweb%2Foauth%2Foauth_controller_test.exs;h=beb995cd8435f5050eb77023c9fa906baa36d947;hb=6085c71bd17e2b676e0820bf3fd93f81a1902ac3;hp=0cf755806ab318db09bb06b41a476385d944f17c;hpb=6abe12dceda8d0d32878208987a9631d5d546a3d;p=akkoma diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index 0cf755806..beb995cd8 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -469,6 +469,29 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert html_response(conn, 200) =~ ~s(type="submit") end + test "renders authentication page if user is already authenticated but user request with another client", + %{ + app: app, + conn: conn + } do + token = insert(:oauth_token, app_id: app.id) + + conn = + conn + |> put_session(:oauth_token, token.token) + |> get( + "/oauth/authorize", + %{ + "response_type" => "code", + "client_id" => "another_client_id", + "redirect_uri" => OAuthController.default_redirect_uri(app), + "scope" => "read" + } + ) + + assert html_response(conn, 200) =~ ~s(type="submit") + end + test "with existing authentication and non-OOB `redirect_uri`, redirects to app with `token` and `state` params", %{ app: app, @@ -557,7 +580,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do "password" => "test", "client_id" => app.client_id, "redirect_uri" => redirect_uri, - "scope" => "read write", + "scope" => "read:subscope write", "state" => "statepassed" } }) @@ -570,7 +593,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert %{"state" => "statepassed", "code" => code} = query auth = Repo.get_by(Authorization, token: code) assert auth - assert auth.scopes == ["read", "write"] + assert auth.scopes == ["read:subscope", "write"] end test "returns 401 for wrong credentials", %{conn: conn} do @@ -627,7 +650,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert result =~ "This action is outside the authorized scopes" end - test "returns 401 for scopes beyond app scopes", %{conn: conn} do + test "returns 401 for scopes beyond app scopes hierarchy", %{conn: conn} do user = insert(:user) app = insert(:oauth_app, scopes: ["read", "write"]) redirect_uri = OAuthController.default_redirect_uri(app) @@ -780,8 +803,8 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do {:ok, user} = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) - |> User.change_info(&User.Info.confirmation_changeset(&1, need_confirmation: true)) - |> Repo.update() + |> User.confirmation_changeset(need_confirmation: true) + |> User.update_and_set_cache() refute Pleroma.User.auth_active?(user) @@ -808,7 +831,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password), - info: %{deactivated: true} + deactivated: true ) app = insert(:oauth_app) @@ -834,7 +857,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password), - info: %{password_reset_pending: true} + password_reset_pending: true ) app = insert(:oauth_app, scopes: ["read", "write"]) @@ -852,6 +875,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert resp = json_response(conn, 403) assert resp["error"] == "Password reset is required" + assert resp["identifier"] == "password_reset_required" refute Map.has_key?(resp, "access_token") end