diff options
| author | rinpatch <rinpatch@sdf.org> | 2020-05-02 16:22:21 +0000 |
|---|---|---|
| committer | rinpatch <rinpatch@sdf.org> | 2020-05-02 16:22:21 +0000 |
| commit | 019a192e43c2421c74e5126e753aac095db8ad54 (patch) | |
| tree | 3415b92ed0cb9e59f39946a1439fd918c6ea07ee /test/web/auth/oauth_test_controller_test.exs | |
| parent | 3b15a0eecc62f79465620a697f12b576ed87b0fc (diff) | |
| parent | 04f23294d327f044a72ecd3f269846c2f6198cf1 (diff) | |
| download | pleroma-019a192e43c2421c74e5126e753aac095db8ad54.tar.gz pleroma-019a192e43c2421c74e5126e753aac095db8ad54.zip | |
Merge branch 'release/2.0.3' into 'stable'
Release/2.0.3
See merge request pleroma/secteam/pleroma!3
Diffstat (limited to 'test/web/auth/oauth_test_controller_test.exs')
| -rw-r--r-- | test/web/auth/oauth_test_controller_test.exs | 49 |
1 files changed, 49 insertions, 0 deletions
diff --git a/test/web/auth/oauth_test_controller_test.exs b/test/web/auth/oauth_test_controller_test.exs new file mode 100644 index 000000000..a2f6009ac --- /dev/null +++ b/test/web/auth/oauth_test_controller_test.exs @@ -0,0 +1,49 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/> +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Tests.OAuthTestControllerTest do + use Pleroma.Web.ConnCase + + import Pleroma.Factory + + setup %{conn: conn} do + user = insert(:user) + conn = assign(conn, :user, user) + %{conn: conn, user: user} + end + + test "missed_oauth", %{conn: conn} do + res = + conn + |> get("/test/authenticated_api/missed_oauth") + |> json_response(403) + + assert res == + %{ + "error" => + "Security violation: OAuth scopes check was neither handled nor explicitly skipped." + } + end + + test "skipped_oauth", %{conn: conn} do + conn + |> assign(:token, nil) + |> get("/test/authenticated_api/skipped_oauth") + |> json_response(200) + end + + test "performed_oauth", %{user: user} do + %{conn: good_token_conn} = oauth_access(["read"], user: user) + + good_token_conn + |> get("/test/authenticated_api/performed_oauth") + |> json_response(200) + + %{conn: bad_token_conn} = oauth_access(["follow"], user: user) + + bad_token_conn + |> get("/test/authenticated_api/performed_oauth") + |> json_response(403) + end +end |