Merge branch 'develop' into feature/compat/push-subscriptions

# Conflicts: # lib/mix/tasks/sample_config.eex # lib/pleroma/web/twitter_api/controllers/util_controller.ex # mix.exs # mix.lock
author: Egor Kislitsyn <egor@kislitsyn.com> 2018-12-06 19:55:58 +0700
committer: Egor Kislitsyn <egor@kislitsyn.com> 2018-12-06 19:55:58 +0700
commit: 8b4397c704147bcc5ca12ab60dde32f2b6e11a41 (patch)
tree: f1d26585be6673b495d3f4b8bea4deb5f0283d42 /test/plugs
parent: 04a48286e69704bf83429b85dbcdb70863bdcff1 (diff)
parent: 52ce368562de919f1806dfd5235642caf0666e16 (diff)
download: pleroma-8b4397c704147bcc5ca12ab60dde32f2b6e11a41.tar.gz
pleroma-8b4397c704147bcc5ca12ab60dde32f2b6e11a41.zip
2 files changed, 118 insertions, 0 deletions
diff --git a/test/plugs/http_security_plug_test.exs b/test/plugs/http_security_plug_test.exs
new file mode 100644
index 000000000..169c3b3a8
--- /dev/null
+++ b/test/plugs/http_security_plug_test.exs
@@ -0,0 +1,79 @@
+defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
+  use Pleroma.Web.ConnCase
+  alias Pleroma.Config
+  alias Plug.Conn
+
+  test "it sends CSP headers when enabled", %{conn: conn} do
+    Config.put([:http_security, :enabled], true)
+
+    conn =
+      conn
+      |> get("/api/v1/instance")
+
+    refute Conn.get_resp_header(conn, "x-xss-protection") == []
+    refute Conn.get_resp_header(conn, "x-permitted-cross-domain-policies") == []
+    refute Conn.get_resp_header(conn, "x-frame-options") == []
+    refute Conn.get_resp_header(conn, "x-content-type-options") == []
+    refute Conn.get_resp_header(conn, "x-download-options") == []
+    refute Conn.get_resp_header(conn, "referrer-policy") == []
+    refute Conn.get_resp_header(conn, "content-security-policy") == []
+  end
+
+  test "it does not send CSP headers when disabled", %{conn: conn} do
+    Config.put([:http_security, :enabled], false)
+
+    conn =
+      conn
+      |> get("/api/v1/instance")
+
+    assert Conn.get_resp_header(conn, "x-xss-protection") == []
+    assert Conn.get_resp_header(conn, "x-permitted-cross-domain-policies") == []
+    assert Conn.get_resp_header(conn, "x-frame-options") == []
+    assert Conn.get_resp_header(conn, "x-content-type-options") == []
+    assert Conn.get_resp_header(conn, "x-download-options") == []
+    assert Conn.get_resp_header(conn, "referrer-policy") == []
+    assert Conn.get_resp_header(conn, "content-security-policy") == []
+  end
+
+  test "it sends STS headers when enabled", %{conn: conn} do
+    Config.put([:http_security, :enabled], true)
+    Config.put([:http_security, :sts], true)
+
+    conn =
+      conn
+      |> get("/api/v1/instance")
+
+    refute Conn.get_resp_header(conn, "strict-transport-security") == []
+    refute Conn.get_resp_header(conn, "expect-ct") == []
+  end
+
+  test "it does not send STS headers when disabled", %{conn: conn} do
+    Config.put([:http_security, :enabled], true)
+    Config.put([:http_security, :sts], false)
+
+    conn =
+      conn
+      |> get("/api/v1/instance")
+
+    assert Conn.get_resp_header(conn, "strict-transport-security") == []
+    assert Conn.get_resp_header(conn, "expect-ct") == []
+  end
+
+  test "referrer-policy header reflects configured value", %{conn: conn} do
+    Config.put([:http_security, :enabled], true)
+
+    conn =
+      conn
+      |> get("/api/v1/instance")
+
+    assert Conn.get_resp_header(conn, "referrer-policy") == ["same-origin"]
+
+    Config.put([:http_security, :referrer_policy], "no-referrer")
+
+    conn =
+      build_conn()
+      |> get("/api/v1/instance")
+
+    assert Conn.get_resp_header(conn, "referrer-policy") == ["no-referrer"]
+  end
+end
diff --git a/test/plugs/user_is_admin_plug_test.exs b/test/plugs/user_is_admin_plug_test.exs
new file mode 100644
index 000000000..ddf9eb139
--- /dev/null
+++ b/test/plugs/user_is_admin_plug_test.exs
@@ -0,0 +1,39 @@
+defmodule Pleroma.Plugs.UserIsAdminPlugTest do
+  use Pleroma.Web.ConnCase, async: true
+
+  alias Pleroma.Plugs.UserIsAdminPlug
+  import Pleroma.Factory
+
+  test "accepts a user that is admin", %{conn: conn} do
+    user = insert(:user, info: %{"is_admin" => true})
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+
+    ret_conn =
+      conn
+      |> UserIsAdminPlug.call(%{})
+
+    assert conn == ret_conn
+  end
+
+  test "denies a user that isn't admin", %{conn: conn} do
+    user = insert(:user)
+
+    conn =
+      build_conn()
+      |> assign(:user, user)
+      |> UserIsAdminPlug.call(%{})
+
+    assert conn.status == 403
+  end
+
+  test "denies when a user isn't set", %{conn: conn} do
+    conn =
+      build_conn()
+      |> UserIsAdminPlug.call(%{})
+
+    assert conn.status == 403
+  end
+end
author	Egor Kislitsyn <egor@kislitsyn.com>	2018-12-06 19:55:58 +0700
committer	Egor Kislitsyn <egor@kislitsyn.com>	2018-12-06 19:55:58 +0700
commit	8b4397c704147bcc5ca12ab60dde32f2b6e11a41 (patch)
tree	f1d26585be6673b495d3f4b8bea4deb5f0283d42 /test/plugs
parent	04a48286e69704bf83429b85dbcdb70863bdcff1 (diff)
parent	52ce368562de919f1806dfd5235642caf0666e16 (diff)
download	pleroma-8b4397c704147bcc5ca12ab60dde32f2b6e11a41.tar.gz pleroma-8b4397c704147bcc5ca12ab60dde32f2b6e11a41.zip