| author | Roger Braun <roger@rogerbraun.net> | 2017-09-09 12:02:59 +0200 | 
|---|---|---|
| committer | Roger Braun <roger@rogerbraun.net> | 2017-09-09 12:02:59 +0200 | 
| commit | 95cedd60004893fd646735d17f7196297c38e22c (patch) | |
| tree | 9915027eb19f458aa8627f8ac886518a27e41d79 /test/web/oauth | |
| parent | 890503ca1ea4308664d31622eb19208757a4c881 (diff) | |
Make auth tokens usable once and expire them.
Diffstat (limited to 'test/web/oauth')
| -rw-r--r-- | test/web/oauth/authorization_test.exs | 42 | ||||
| -rw-r--r-- | test/web/oauth/token_test.exs | 24 | 
2 files changed, 66 insertions, 0 deletions
|
diff --git a/test/web/oauth/authorization_test.exs b/test/web/oauth/authorization_test.exs
new file mode 100644
index 000000000..52441fa7d
--- /dev/null
+++ b/test/web/oauth/authorization_test.exs
@@ -0,0 +1,42 @@
+defmodule Pleroma.Web.OAuth.AuthorizationTest do
+  use Pleroma.DataCase
+  alias Pleroma.Web.OAuth.{Authorization, App}
+  import Pleroma.Factory
+
+  test "create an authorization token for a valid app" do
+    {:ok, app} = Repo.insert(App.register_changeset(%App{}, %{client_name: "client", scopes: "scope", redirect_uris: "url"}))
+    user = insert(:user)
+
+    {:ok, auth} = Authorization.create_authorization(app, user)
+
+    assert auth.user_id == user.id
+    assert auth.app_id == app.id
+    assert String.length(auth.token) > 10
+    assert auth.used == false
+  end
+
+  test "use up a token" do
+    {:ok, app} = Repo.insert(App.register_changeset(%App{}, %{client_name: "client", scopes: "scope", redirect_uris: "url"}))
+    user = insert(:user)
+
+    {:ok, auth} = Authorization.create_authorization(app, user)
+
+    {:ok, auth} = Authorization.use_token(auth)
+
+    assert auth.used == true
+
+    assert {:error, "already used"} == Authorization.use_token(auth)
+
+    expired_auth = %Authorization{
+      user_id: user.id,
+      app_id: app.id,
+      valid_until: NaiveDateTime.add(NaiveDateTime.utc_now, -10),
+      token: "mytoken",
+      used: false
+    }
+
+    {:ok, expired_auth} = Repo.insert(expired_auth)
+
+    assert {:error, "token expired"} == Authorization.use_token(expired_auth)
+  end
+end
diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs
new file mode 100644
index 000000000..3bd763989
--- /dev/null
+++ b/test/web/oauth/token_test.exs
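Review bot: In authorization_test.exs the create test never asserts `auth.valid_until`, so the expiry this commit introduces is only covered through the hand-built `expired_auth` struct. A regression in which `create_authorization/2` stops setting a future expiry would not necessarily be caught. Adding `assert NaiveDateTime.compare(auth.valid_until, NaiveDateTime.utc_now) == :gt` to the first test would pin it. `assert String.length(auth.token) > 10` only bounds the length and says nothing about how the token is generated; creating two authorizations and asserting that their tokens differ would at least catch a constant value. The "use up a token" test also mixes the reuse and expiry cases, and splitting it would let a failure name the case that broke.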
@@ -0,0 +1,24 @@
+defmodule Pleroma.Web.OAuth.TokenTest do
+  use Pleroma.DataCase
+  alias Pleroma.Web.OAuth.{App, Token, Authorization}
+  alias Pleroma.Repo
+
+  import Pleroma.Factory
+
+  test "exchanges a auth token for an access token" do
+    {:ok, app} = Repo.insert(App.register_changeset(%App{}, %{client_name: "client", scopes: "scope", redirect_uris: "url"}))
+    user = insert(:user)
+
+    {:ok, auth} = Authorization.create_authorization(app, user)
+
+    {:ok, token} = Token.exchange_token(app, auth)
+
+    assert token.app_id == app.id
+    assert token.user_id == user.id
+    assert String.length(token.token) > 10
+    assert String.length(token.refresh_token) > 10
+
+    auth = Repo.get(Authorization, auth.id)
+    {:error, "already used"} = Token.exchange_token(app, auth)
+  end
+end
|
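Review bot: The exchange test in token_test.exs covers only the happy path and reuse with the same `app`; nothing checks that `Token.exchange_token/2` refuses an authorization issued to a different app, or one whose `valid_until` has passed. The implementation is outside this view (the diffstat is limited to test/web/oauth), so it may already enforce both. A case that registers a second `App` and tries to exchange the first app's `auth` with it would pin that the authorization is bound to its client. Separately, the last line is a bare match; writing it as `assert {:error, "already used"} == Token.exchange_token(app, auth)` matches authorization_test.exs and reports an assertion failure instead of a MatchError.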
