projects / akkoma / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Merge develop
[akkoma] / test / plugs / oauth_scopes_plug_test.exs
1 # Pleroma: A lightweight social networking server
2 # Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
3 # SPDX-License-Identifier: AGPL-3.0-only
4
5 defmodule Pleroma.Plugs.OAuthScopesPlugTest do
6 use Pleroma.Web.ConnCase, async: true
7
8 alias Pleroma.Plugs.OAuthScopesPlug
9 alias Pleroma.Repo
10
11 import Pleroma.Factory
12
13 test "proceeds with no op if `assigns[:token]` is nil", %{conn: conn} do
14 conn =
15 conn
16 |> assign(:user, insert(:user))
17 |> OAuthScopesPlug.call(%{scopes: ["read"]})
18
19 refute conn.halted
20 assert conn.assigns[:user]
21 end
22
23 test "proceeds with no op if `token.scopes` fulfill specified 'any of' conditions", %{
24 conn: conn
25 } do
26 token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
27
28 conn =
29 conn
30 |> assign(:user, token.user)
31 |> assign(:token, token)
32 |> OAuthScopesPlug.call(%{scopes: ["read"]})
33
34 refute conn.halted
35 assert conn.assigns[:user]
36 end
37
38 test "proceeds with no op if `token.scopes` fulfill specified 'all of' conditions", %{
39 conn: conn
40 } do
41 token = insert(:oauth_token, scopes: ["scope1", "scope2", "scope3"]) |> Repo.preload(:user)
42
43 conn =
44 conn
45 |> assign(:user, token.user)
46 |> assign(:token, token)
47 |> OAuthScopesPlug.call(%{scopes: ["scope2", "scope3"], op: :&})
48
49 refute conn.halted
50 assert conn.assigns[:user]
51 end
52
53 test "proceeds with cleared `assigns[:user]` if `token.scopes` doesn't fulfill specified 'any of' conditions " <>
54 "and `fallback: :proceed_unauthenticated` option is specified",
55 %{conn: conn} do
56 token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
57
58 conn =
59 conn
60 |> assign(:user, token.user)
61 |> assign(:token, token)
62 |> OAuthScopesPlug.call(%{scopes: ["follow"], fallback: :proceed_unauthenticated})
63
64 refute conn.halted
65 refute conn.assigns[:user]
66 end
67
68 test "proceeds with cleared `assigns[:user]` if `token.scopes` doesn't fulfill specified 'all of' conditions " <>
69 "and `fallback: :proceed_unauthenticated` option is specified",
70 %{conn: conn} do
71 token = insert(:oauth_token, scopes: ["read", "write"]) |> Repo.preload(:user)
72
73 conn =
74 conn
75 |> assign(:user, token.user)
76 |> assign(:token, token)
77 |> OAuthScopesPlug.call(%{
78 scopes: ["read", "follow"],
79 op: :&,
80 fallback: :proceed_unauthenticated
81 })
82
83 refute conn.halted
84 refute conn.assigns[:user]
85 end
86
87 test "returns 403 and halts in case of no :fallback option and `token.scopes` not fulfilling specified 'any of' conditions",
88 %{conn: conn} do
89 token = insert(:oauth_token, scopes: ["read", "write"])
90 any_of_scopes = ["follow"]
91
92 conn =
93 conn
94 |> assign(:token, token)
95 |> OAuthScopesPlug.call(%{scopes: any_of_scopes})
96
97 assert conn.halted
98 assert 403 == conn.status
99
100 expected_error = "Insufficient permissions: #{Enum.join(any_of_scopes, ", ")}."
101 assert Jason.encode!(%{error: expected_error}) == conn.resp_body
102 end
103
104 test "returns 403 and halts in case of no :fallback option and `token.scopes` not fulfilling specified 'all of' conditions",
105 %{conn: conn} do
106 token = insert(:oauth_token, scopes: ["read", "write"])
107 all_of_scopes = ["write", "follow"]
108
109 conn =
110 conn
111 |> assign(:token, token)
112 |> OAuthScopesPlug.call(%{scopes: all_of_scopes, op: :&})
113
114 assert conn.halted
115 assert 403 == conn.status
116
117 expected_error =
118 "Insufficient permissions: #{Enum.join(all_of_scopes -- token.scopes, ", ")}."
119
120 assert Jason.encode!(%{error: expected_error}) == conn.resp_body
121 end
122 end
Fork of https://akkoma.dev/AkkomaGang/akkoma.git