git.squeep.com Git - akkoma/blob - test/pleroma/web/plugs/ensure_authenticated_plug_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.Plugs.EnsureAuthenticatedPlugTest do
   6   use Pleroma.Web.ConnCase, async: true
   7
   8   alias Pleroma.User
   9   alias Pleroma.Web.Plugs.EnsureAuthenticatedPlug
  10
  11   describe "without :if_func / :unless_func options" do
  12     test "it halts if user is NOT assigned", %{conn: conn} do
  13       conn = EnsureAuthenticatedPlug.call(conn, %{})
  14
  15       assert conn.status == 403
  16       assert conn.halted == true
  17     end
  18
  19     test "it continues if a user is assigned", %{conn: conn} do
  20       conn = assign(conn, :user, %User{})
  21       ret_conn = EnsureAuthenticatedPlug.call(conn, %{})
  22
  23       refute ret_conn.halted
  24     end
  25   end
  26
  27   test "it halts if user is assigned and MFA enabled", %{conn: conn} do
  28     conn =
  29       conn
  30       |> assign(:user, %User{multi_factor_authentication_settings: %{enabled: true}})
  31       |> assign(:auth_credentials, %{password: "xd-42"})
  32       |> EnsureAuthenticatedPlug.call(%{})
  33
  34     assert conn.status == 403
  35     assert conn.halted == true
  36
  37     assert conn.resp_body ==
  38              "{\"error\":\"Two-factor authentication enabled, you must use a access token.\"}"
  39   end
  40
  41   test "it continues if user is assigned and MFA disabled", %{conn: conn} do
  42     conn =
  43       conn
  44       |> assign(:user, %User{multi_factor_authentication_settings: %{enabled: false}})
  45       |> assign(:auth_credentials, %{password: "xd-42"})
  46       |> EnsureAuthenticatedPlug.call(%{})
  47
  48     refute conn.status == 403
  49     refute conn.halted
  50   end
  51
  52   describe "with :if_func / :unless_func options" do
  53     setup do
  54       %{
  55         true_fn: fn _conn -> true end,
  56         false_fn: fn _conn -> false end
  57       }
  58     end
  59
  60     test "it continues if a user is assigned", %{conn: conn, true_fn: true_fn, false_fn: false_fn} do
  61       conn = assign(conn, :user, %User{})
  62       refute EnsureAuthenticatedPlug.call(conn, if_func: true_fn).halted
  63       refute EnsureAuthenticatedPlug.call(conn, if_func: false_fn).halted
  64       refute EnsureAuthenticatedPlug.call(conn, unless_func: true_fn).halted
  65       refute EnsureAuthenticatedPlug.call(conn, unless_func: false_fn).halted
  66     end
  67
  68     test "it continues if a user is NOT assigned but :if_func evaluates to `false`",
  69          %{conn: conn, false_fn: false_fn} do
  70       ret_conn = EnsureAuthenticatedPlug.call(conn, if_func: false_fn)
  71       refute ret_conn.halted
  72     end
  73
  74     test "it continues if a user is NOT assigned but :unless_func evaluates to `true`",
  75          %{conn: conn, true_fn: true_fn} do
  76       ret_conn = EnsureAuthenticatedPlug.call(conn, unless_func: true_fn)
  77       refute ret_conn.halted
  78     end
  79
  80     test "it halts if a user is NOT assigned and :if_func evaluates to `true`",
  81          %{conn: conn, true_fn: true_fn} do
  82       conn = EnsureAuthenticatedPlug.call(conn, if_func: true_fn)
  83
  84       assert conn.status == 403
  85       assert conn.halted == true
  86     end
  87
  88     test "it halts if a user is NOT assigned and :unless_func evaluates to `false`",
  89          %{conn: conn, false_fn: false_fn} do
  90       conn = EnsureAuthenticatedPlug.call(conn, unless_func: false_fn)
  91
  92       assert conn.status == 403
  93       assert conn.halted == true
  94     end
  95   end
  96 end