X-Git-Url: https://git.squeep.com/?a=blobdiff_plain;f=test%2Fplugs%2Fadmin_secret_authentication_plug_test.exs;h=100016c62842461e987b0c04f82efa71fe6a45a2;hb=287f781808c88f43f5689508b5aa21f6639b9d16;hp=e1d4b391f76978dc54bbd29b8b5bf3634e61ff62;hpb=3c08d229db423052d0dd88b8a36fb39b0ae81ead;p=akkoma
diff --git a/test/plugs/admin_secret_authentication_plug_test.exs b/test/plugs/admin_secret_authentication_plug_test.exs
index e1d4b391f..100016c62 100644
--- a/test/plugs/admin_secret_authentication_plug_test.exs
+++ b/test/plugs/admin_secret_authentication_plug_test.exs
@@ -1,5 +1,5 @@
# Pleroma: A lightweight social networking server
-# Copyright © 2017-2018 Pleroma Authors
+# Copyright © 2017-2020 Pleroma Authors
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
@@ -22,21 +22,41 @@ defmodule Pleroma.Plugs.AdminSecretAuthenticationPlugTest do
assert conn == ret_conn
end
- test "with secret set and given in the 'admin_token' parameter, it assigns an admin user", %{
- conn: conn
- } do
- Pleroma.Config.put(:admin_token, "password123")
+ describe "when secret set it assigns an admin user" do
+ setup do: clear_config([:admin_token])
- conn =
- %{conn | params: %{"admin_token" => "wrong_password"}}
- |> AdminSecretAuthenticationPlug.call(%{})
+ test "with `admin_token` query parameter", %{conn: conn} do
+ Pleroma.Config.put(:admin_token, "password123")
- refute conn.assigns[:user]
+ conn =
+ %{conn | params: %{"admin_token" => "wrong_password"}}
+ |> AdminSecretAuthenticationPlug.call(%{})
- conn =
- %{conn | params: %{"admin_token" => "password123"}}
- |> AdminSecretAuthenticationPlug.call(%{})
+ refute conn.assigns[:user]
+
+ conn =
+ %{conn | params: %{"admin_token" => "password123"}}
+ |> AdminSecretAuthenticationPlug.call(%{})
+
+ assert conn.assigns[:user].is_admin
+ end
+
+ test "with `x-admin-token` HTTP header", %{conn: conn} do
+ Pleroma.Config.put(:admin_token, "âï¸")
+
+ conn =
+ conn
+ |> put_req_header("x-admin-token", "ð¥")
+ |> AdminSecretAuthenticationPlug.call(%{})
+
+ refute conn.assigns[:user]
+
+ conn =
+ conn
+ |> put_req_header("x-admin-token", "âï¸")
+ |> AdminSecretAuthenticationPlug.call(%{})
- assert conn.assigns[:user].info.is_admin
+ assert conn.assigns[:user].is_admin
+ end
end
end