git.squeep.com Git - akkoma/blob - test/pleroma/web/plugs/admin_secret_authentication_plug_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Plugs.AdminSecretAuthenticationPlugTest do
   6   use Pleroma.Web.ConnCase
   7
   8   import Mock
   9   import Pleroma.Factory
  10
  11   alias Pleroma.Web.Plugs.AdminSecretAuthenticationPlug
  12   alias Pleroma.Web.Plugs.OAuthScopesPlug
  13   alias Pleroma.Web.Plugs.PlugHelper
  14   alias Pleroma.Web.Plugs.RateLimiter
  15
  16   test "does nothing if a user is assigned", %{conn: conn} do
  17     user = insert(:user)
  18
  19     conn =
  20       conn
  21       |> assign(:user, user)
  22
  23     ret_conn =
  24       conn
  25       |> AdminSecretAuthenticationPlug.call(%{})
  26
  27     assert conn == ret_conn
  28   end
  29
  30   describe "when secret set it assigns an admin user" do
  31     setup do: clear_config([:admin_token])
  32
  33     setup_with_mocks([{RateLimiter, [:passthrough], []}]) do
  34       :ok
  35     end
  36
  37     test "with `admin_token` query parameter", %{conn: conn} do
  38       clear_config(:admin_token, "password123")
  39
  40       conn =
  41         %{conn | params: %{"admin_token" => "wrong_password"}}
  42         |> AdminSecretAuthenticationPlug.call(%{})
  43
  44       refute conn.assigns[:user]
  45       assert called(RateLimiter.call(conn, name: :authentication))
  46
  47       conn =
  48         %{conn | params: %{"admin_token" => "password123"}}
  49         |> AdminSecretAuthenticationPlug.call(%{})
  50
  51       assert conn.assigns[:user].is_admin
  52       assert conn.assigns[:token] == nil
  53       assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  54     end
  55
  56     test "with `x-admin-token` HTTP header", %{conn: conn} do
  57       clear_config(:admin_token, "☕️")
  58
  59       conn =
  60         conn
  61         |> put_req_header("x-admin-token", "🥛")
  62         |> AdminSecretAuthenticationPlug.call(%{})
  63
  64       refute conn.assigns[:user]
  65       assert called(RateLimiter.call(conn, name: :authentication))
  66
  67       conn =
  68         conn
  69         |> put_req_header("x-admin-token", "☕️")
  70         |> AdminSecretAuthenticationPlug.call(%{})
  71
  72       assert conn.assigns[:user].is_admin
  73       assert conn.assigns[:token] == nil
  74       assert PlugHelper.plug_skipped?(conn, OAuthScopesPlug)
  75     end
  76   end
  77 end