Merge remote-tracking branch 'remotes/origin/develop' into ostatus-controller-no-auth-check-on-non-federating-instances

# Conflicts: # lib/pleroma/web/feed/user_controller.ex # lib/pleroma/web/o_status/o_status_controller.ex # lib/pleroma/web/router.ex # lib/pleroma/web/static_fe/static_fe_controller.ex
author: Ivan Tashkinov <ivantashkinov@gmail.com> 2020-10-17 13:12:39 +0300
committer: Ivan Tashkinov <ivantashkinov@gmail.com> 2020-10-17 13:12:39 +0300
commit: 049ece1ef38f1aeb656a88ed1d15bf3d4a364e01 (patch)
tree: 16d4a05e533685e8b8385f886e58addb05a90d7d /test/web/auth/auth_test_controller_test.exs
parent: 2498e569f12694439b6f99d0730f6fb36301c454 (diff)
parent: 023f726d7f497705d766adee8874b94efb08a0aa (diff)
download: pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.tar.gz
pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.zip
1 files changed, 0 insertions, 242 deletions
diff --git a/test/web/auth/auth_test_controller_test.exs b/test/web/auth/auth_test_controller_test.exs
deleted file mode 100644
index fed52b7f3..000000000
--- a/test/web/auth/auth_test_controller_test.exs
+++ /dev/null
@@ -1,242 +0,0 @@
-# Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
-# SPDX-License-Identifier: AGPL-3.0-only
-
-defmodule Pleroma.Tests.AuthTestControllerTest do
-  use Pleroma.Web.ConnCase
-
-  import Pleroma.Factory
-
-  describe "do_oauth_check" do
-    test "serves with proper OAuth token (fulfilling requested scopes)" do
-      %{conn: good_token_conn, user: user} = oauth_access(["read"])
-
-      assert %{"user_id" => user.id} ==
-               good_token_conn
-               |> get("/test/authenticated_api/do_oauth_check")
-               |> json_response(200)
-
-      # Unintended usage (:api) — use with :authenticated_api instead
-      assert %{"user_id" => user.id} ==
-               good_token_conn
-               |> get("/test/api/do_oauth_check")
-               |> json_response(200)
-    end
-
-    test "fails on no token / missing scope(s)" do
-      %{conn: bad_token_conn} = oauth_access(["irrelevant_scope"])
-
-      bad_token_conn
-      |> get("/test/authenticated_api/do_oauth_check")
-      |> json_response(403)
-
-      bad_token_conn
-      |> assign(:token, nil)
-      |> get("/test/api/do_oauth_check")
-      |> json_response(403)
-    end
-  end
-
-  describe "fallback_oauth_check" do
-    test "serves with proper OAuth token (fulfilling requested scopes)" do
-      %{conn: good_token_conn, user: user} = oauth_access(["read"])
-
-      assert %{"user_id" => user.id} ==
-               good_token_conn
-               |> get("/test/api/fallback_oauth_check")
-               |> json_response(200)
-
-      # Unintended usage (:authenticated_api) — use with :api instead
-      assert %{"user_id" => user.id} ==
-               good_token_conn
-               |> get("/test/authenticated_api/fallback_oauth_check")
-               |> json_response(200)
-    end
-
-    test "for :api on public instance, drops :user and renders on no token / missing scope(s)" do
-      clear_config([:instance, :public], true)
-
-      %{conn: bad_token_conn} = oauth_access(["irrelevant_scope"])
-
-      assert %{"user_id" => nil} ==
-               bad_token_conn
-               |> get("/test/api/fallback_oauth_check")
-               |> json_response(200)
-
-      assert %{"user_id" => nil} ==
-               bad_token_conn
-               |> assign(:token, nil)
-               |> get("/test/api/fallback_oauth_check")
-               |> json_response(200)
-    end
-
-    test "for :api on private instance, fails on no token / missing scope(s)" do
-      clear_config([:instance, :public], false)
-
-      %{conn: bad_token_conn} = oauth_access(["irrelevant_scope"])
-
-      bad_token_conn
-      |> get("/test/api/fallback_oauth_check")
-      |> json_response(403)
-
-      bad_token_conn
-      |> assign(:token, nil)
-      |> get("/test/api/fallback_oauth_check")
-      |> json_response(403)
-    end
-  end
-
-  describe "skip_oauth_check" do
-    test "for :authenticated_api, serves if :user is set (regardless of token / token scopes)" do
-      user = insert(:user)
-
-      assert %{"user_id" => user.id} ==
-               build_conn()
-               |> assign(:user, user)
-               |> get("/test/authenticated_api/skip_oauth_check")
-               |> json_response(200)
-
-      %{conn: bad_token_conn, user: user} = oauth_access(["irrelevant_scope"])
-
-      assert %{"user_id" => user.id} ==
-               bad_token_conn
-               |> get("/test/authenticated_api/skip_oauth_check")
-               |> json_response(200)
-    end
-
-    test "serves via :api on public instance if :user is not set" do
-      clear_config([:instance, :public], true)
-
-      assert %{"user_id" => nil} ==
-               build_conn()
-               |> get("/test/api/skip_oauth_check")
-               |> json_response(200)
-
-      build_conn()
-      |> get("/test/authenticated_api/skip_oauth_check")
-      |> json_response(403)
-    end
-
-    test "fails on private instance if :user is not set" do
-      clear_config([:instance, :public], false)
-
-      build_conn()
-      |> get("/test/api/skip_oauth_check")
-      |> json_response(403)
-
-      build_conn()
-      |> get("/test/authenticated_api/skip_oauth_check")
-      |> json_response(403)
-    end
-  end
-
-  describe "fallback_oauth_skip_publicity_check" do
-    test "serves with proper OAuth token (fulfilling requested scopes)" do
-      %{conn: good_token_conn, user: user} = oauth_access(["read"])
-
-      assert %{"user_id" => user.id} ==
-               good_token_conn
-               |> get("/test/api/fallback_oauth_skip_publicity_check")
-               |> json_response(200)
-
-      # Unintended usage (:authenticated_api)
-      assert %{"user_id" => user.id} ==
-               good_token_conn
-               |> get("/test/authenticated_api/fallback_oauth_skip_publicity_check")
-               |> json_response(200)
-    end
-
-    test "for :api on private / public instance, drops :user and renders on token issue" do
-      %{conn: bad_token_conn} = oauth_access(["irrelevant_scope"])
-
-      for is_public <- [true, false] do
-        clear_config([:instance, :public], is_public)
-
-        assert %{"user_id" => nil} ==
-                 bad_token_conn
-                 |> get("/test/api/fallback_oauth_skip_publicity_check")
-                 |> json_response(200)
-
-        assert %{"user_id" => nil} ==
-                 bad_token_conn
-                 |> assign(:token, nil)
-                 |> get("/test/api/fallback_oauth_skip_publicity_check")
-                 |> json_response(200)
-      end
-    end
-  end
-
-  describe "skip_oauth_skip_publicity_check" do
-    test "for :authenticated_api, serves if :user is set (regardless of token / token scopes)" do
-      user = insert(:user)
-
-      assert %{"user_id" => user.id} ==
-               build_conn()
-               |> assign(:user, user)
-               |> get("/test/authenticated_api/skip_oauth_skip_publicity_check")
-               |> json_response(200)
-
-      %{conn: bad_token_conn, user: user} = oauth_access(["irrelevant_scope"])
-
-      assert %{"user_id" => user.id} ==
-               bad_token_conn
-               |> get("/test/authenticated_api/skip_oauth_skip_publicity_check")
-               |> json_response(200)
-    end
-
-    test "for :api, serves on private and public instances regardless of whether :user is set" do
-      user = insert(:user)
-
-      for is_public <- [true, false] do
-        clear_config([:instance, :public], is_public)
-
-        assert %{"user_id" => nil} ==
-                 build_conn()
-                 |> get("/test/api/skip_oauth_skip_publicity_check")
-                 |> json_response(200)
-
-        assert %{"user_id" => user.id} ==
-                 build_conn()
-                 |> assign(:user, user)
-                 |> get("/test/api/skip_oauth_skip_publicity_check")
-                 |> json_response(200)
-      end
-    end
-  end
-
-  describe "missing_oauth_check_definition" do
-    def test_missing_oauth_check_definition_failure(endpoint, expected_error) do
-      %{conn: conn} = oauth_access(["read", "write", "follow", "push", "admin"])
-
-      assert %{"error" => expected_error} ==
-               conn
-               |> get(endpoint)
-               |> json_response(403)
-    end
-
-    test "fails if served via :authenticated_api" do
-      test_missing_oauth_check_definition_failure(
-        "/test/authenticated_api/missing_oauth_check_definition",
-        "Security violation: OAuth scopes check was neither handled nor explicitly skipped."
-      )
-    end
-
-    test "fails if served via :api and the instance is private" do
-      clear_config([:instance, :public], false)
-
-      test_missing_oauth_check_definition_failure(
-        "/test/api/missing_oauth_check_definition",
-        "This resource requires authentication."
-      )
-    end
-
-    test "succeeds with dropped :user if served via :api on public instance" do
-      %{conn: conn} = oauth_access(["read", "write", "follow", "push", "admin"])
-
-      assert %{"user_id" => nil} ==
-               conn
-               |> get("/test/api/missing_oauth_check_definition")
-               |> json_response(200)
-    end
-  end
-end
author	Ivan Tashkinov <ivantashkinov@gmail.com>	2020-10-17 13:12:39 +0300
committer	Ivan Tashkinov <ivantashkinov@gmail.com>	2020-10-17 13:12:39 +0300
commit	049ece1ef38f1aeb656a88ed1d15bf3d4a364e01 (patch)
tree	16d4a05e533685e8b8385f886e58addb05a90d7d /test/web/auth/auth_test_controller_test.exs
parent	2498e569f12694439b6f99d0730f6fb36301c454 (diff)
parent	023f726d7f497705d766adee8874b94efb08a0aa (diff)
download	pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.tar.gz pleroma-049ece1ef38f1aeb656a88ed1d15bf3d4a364e01.zip