git.squeep.com Git - akkoma/blob - test/web/oauth/oauth_controller_test.exs

   1 # Pleroma: A lightweight social networking server
   2 # Copyright © 2017-2018 Pleroma Authors <https://pleroma.social/>
   3 # SPDX-License-Identifier: AGPL-3.0-only
   4
   5 defmodule Pleroma.Web.OAuth.OAuthControllerTest do
   6   use Pleroma.Web.ConnCase
   7   import Pleroma.Factory
   8
   9   alias Pleroma.Repo
  10   alias Pleroma.Web.OAuth.{Authorization, Token}
  11
  12   test "redirects with oauth authorization" do
  13     user = insert(:user)
  14     app = insert(:oauth_app)
  15
  16     conn =
  17       build_conn()
  18       |> post("/oauth/authorize", %{
  19         "authorization" => %{
  20           "name" => user.nickname,
  21           "password" => "test",
  22           "client_id" => app.client_id,
  23           "redirect_uri" => app.redirect_uris,
  24           "state" => "statepassed"
  25         }
  26       })
  27
  28     target = redirected_to(conn)
  29     assert target =~ app.redirect_uris
  30
  31     query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
  32
  33     assert %{"state" => "statepassed", "code" => code} = query
  34     assert Repo.get_by(Authorization, token: code)
  35   end
  36
  37   test "issues a token for an all-body request" do
  38     user = insert(:user)
  39     app = insert(:oauth_app)
  40
  41     {:ok, auth} = Authorization.create_authorization(app, user)
  42
  43     conn =
  44       build_conn()
  45       |> post("/oauth/token", %{
  46         "grant_type" => "authorization_code",
  47         "code" => auth.token,
  48         "redirect_uri" => app.redirect_uris,
  49         "client_id" => app.client_id,
  50         "client_secret" => app.client_secret
  51       })
  52
  53     assert %{"access_token" => token} = json_response(conn, 200)
  54     assert Repo.get_by(Token, token: token)
  55   end
  56
  57   test "issues a token for `password` grant_type with valid credentials" do
  58     password = "testpassword"
  59     user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
  60
  61     app = insert(:oauth_app)
  62
  63     conn =
  64       build_conn()
  65       |> post("/oauth/token", %{
  66         "grant_type" => "password",
  67         "username" => user.nickname,
  68         "password" => password,
  69         "client_id" => app.client_id,
  70         "client_secret" => app.client_secret
  71       })
  72
  73     assert %{"access_token" => token} = json_response(conn, 200)
  74     assert Repo.get_by(Token, token: token)
  75   end
  76
  77   test "issues a token for request with HTTP basic auth client credentials" do
  78     user = insert(:user)
  79     app = insert(:oauth_app)
  80
  81     {:ok, auth} = Authorization.create_authorization(app, user)
  82
  83     app_encoded =
  84       (URI.encode_www_form(app.client_id) <> ":" <> URI.encode_www_form(app.client_secret))
  85       |> Base.encode64()
  86
  87     conn =
  88       build_conn()
  89       |> put_req_header("authorization", "Basic " <> app_encoded)
  90       |> post("/oauth/token", %{
  91         "grant_type" => "authorization_code",
  92         "code" => auth.token,
  93         "redirect_uri" => app.redirect_uris
  94       })
  95
  96     assert %{"access_token" => token} = json_response(conn, 200)
  97     assert Repo.get_by(Token, token: token)
  98   end
  99
 100   test "rejects token exchange with invalid client credentials" do
 101     user = insert(:user)
 102     app = insert(:oauth_app)
 103
 104     {:ok, auth} = Authorization.create_authorization(app, user)
 105
 106     conn =
 107       build_conn()
 108       |> put_req_header("authorization", "Basic JTIxOiVGMCU5RiVBNCVCNwo=")
 109       |> post("/oauth/token", %{
 110         "grant_type" => "authorization_code",
 111         "code" => auth.token,
 112         "redirect_uri" => app.redirect_uris
 113       })
 114
 115     assert resp = json_response(conn, 400)
 116     assert %{"error" => _} = resp
 117     refute Map.has_key?(resp, "access_token")
 118   end
 119
 120   test "rejects token exchange for valid credentials belonging to unconfirmed user and confirmation is required" do
 121     setting = Pleroma.Config.get([:instance, :account_activation_required])
 122
 123     unless setting do
 124       Pleroma.Config.put([:instance, :account_activation_required], true)
 125       on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end)
 126     end
 127
 128     password = "testpassword"
 129     user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password))
 130     info_change = Pleroma.User.Info.confirmation_changeset(user.info, :unconfirmed)
 131
 132     {:ok, user} =
 133       user
 134       |> Ecto.Changeset.change()
 135       |> Ecto.Changeset.put_embed(:info, info_change)
 136       |> Repo.update()
 137
 138     refute Pleroma.User.auth_active?(user)
 139
 140     app = insert(:oauth_app)
 141
 142     conn =
 143       build_conn()
 144       |> post("/oauth/token", %{
 145         "grant_type" => "password",
 146         "username" => user.nickname,
 147         "password" => password,
 148         "client_id" => app.client_id,
 149         "client_secret" => app.client_secret
 150       })
 151
 152     assert resp = json_response(conn, 403)
 153     assert %{"error" => _} = resp
 154     refute Map.has_key?(resp, "access_token")
 155   end
 156
 157   test "rejects an invalid authorization code" do
 158     app = insert(:oauth_app)
 159
 160     conn =
 161       build_conn()
 162       |> post("/oauth/token", %{
 163         "grant_type" => "authorization_code",
 164         "code" => "Imobviouslyinvalid",
 165         "redirect_uri" => app.redirect_uris,
 166         "client_id" => app.client_id,
 167         "client_secret" => app.client_secret
 168       })
 169
 170     assert resp = json_response(conn, 400)
 171     assert %{"error" => _} = json_response(conn, 400)
 172     refute Map.has_key?(resp, "access_token")
 173   end
 174 end