1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
5 defmodule Pleroma.Web.Plugs.OAuthPlugTest do
6 use Pleroma.Web.ConnCase, async: true
8 alias Pleroma.Web.OAuth.Token
9 alias Pleroma.Web.Plugs.OAuthPlug
11 import Pleroma.Factory
13 setup %{conn: conn} do
15 {:ok, oauth_token} = Token.create(insert(:oauth_app), user)
16 %{user: user, token: oauth_token, conn: conn}
19 test "it does nothing if a user is assigned", %{conn: conn} do
20 conn = assign(conn, :user, %Pleroma.User{})
21 ret_conn = OAuthPlug.call(conn, %{})
23 assert ret_conn == conn
26 test "with valid token (uppercase) in auth header, it assigns the user", %{conn: conn} = opts do
29 |> put_req_header("authorization", "BEARER #{opts[:token].token}")
30 |> OAuthPlug.call(%{})
32 assert conn.assigns[:user] == opts[:user]
35 test "with valid token (downcase) in auth header, it assigns the user", %{conn: conn} = opts do
38 |> put_req_header("authorization", "bearer #{opts[:token].token}")
39 |> OAuthPlug.call(%{})
41 assert conn.assigns[:user] == opts[:user]
44 test "with valid token (downcase) in url parameters, it assigns the user", opts do
47 |> build_conn("/?access_token=#{opts[:token].token}")
48 |> put_req_header("content-type", "application/json")
49 |> fetch_query_params()
50 |> OAuthPlug.call(%{})
52 assert conn.assigns[:user] == opts[:user]
55 test "with valid token (downcase) in body parameters, it assigns the user", opts do
58 |> build_conn("/api/v1/statuses", access_token: opts[:token].token, status: "test")
59 |> OAuthPlug.call(%{})
61 assert conn.assigns[:user] == opts[:user]
64 test "with invalid token, it does not assign the user", %{conn: conn} do
67 |> put_req_header("authorization", "bearer TTTTT")
68 |> OAuthPlug.call(%{})
70 refute conn.assigns[:user]