diff options
| author | Mark Felder <feld@feld.me> | 2024-09-01 12:26:59 -0400 |
|---|---|---|
| committer | Mark Felder <feld@feld.me> | 2024-09-01 12:27:16 -0400 |
| commit | 5a1144208d1007af2a2d2279c582adf9d2fa7246 (patch) | |
| tree | 48e84806a712d481de1731ac8842613492be5415 /test | |
| parent | 62856ab18f8992fb73cb27db40bbea9f29b5d1b6 (diff) | |
| download | pleroma-5a1144208d1007af2a2d2279c582adf9d2fa7246.tar.gz pleroma-5a1144208d1007af2a2d2279c582adf9d2fa7246.zip | |
Prevent OAuth App flow from creating duplicate entries
Diffstat (limited to 'test')
| -rw-r--r-- | test/pleroma/web/mastodon_api/controllers/app_controller_test.exs | 47 |
1 files changed, 47 insertions, 0 deletions
diff --git a/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs b/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs index bc9d4048c..1e2e68791 100644 --- a/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs +++ b/test/pleroma/web/mastodon_api/controllers/app_controller_test.exs @@ -89,4 +89,51 @@ defmodule Pleroma.Web.MastodonAPI.AppControllerTest do assert expected == json_response_and_validate_schema(conn, 200) assert app.user_id == user.id end + + test "creates an oauth app without a user", %{conn: conn} do + app_attrs = build(:oauth_app) + + conn = + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/apps", %{ + client_name: app_attrs.client_name, + redirect_uris: app_attrs.redirect_uris + }) + + [app] = Repo.all(App) + + expected = %{ + "name" => app.client_name, + "website" => app.website, + "client_id" => app.client_id, + "client_secret" => app.client_secret, + "id" => app.id |> to_string(), + "redirect_uri" => app.redirect_uris, + "vapid_key" => Push.vapid_config() |> Keyword.get(:public_key) + } + + assert expected == json_response_and_validate_schema(conn, 200) + end + + test "does not duplicate apps with the same client name", %{conn: conn} do + client_name = "BleromaSE" + redirect_uris = "https://bleroma.app/oauth-callback" + + for _i <- 1..3 do + conn + |> put_req_header("content-type", "application/json") + |> post("/api/v1/apps", %{ + client_name: client_name, + redirect_uris: redirect_uris + }) + |> json_response_and_validate_schema(200) + end + + apps = Repo.all(App) + + assert length(apps) == 1 + assert List.first(apps).client_name == client_name + assert List.first(apps).redirect_uris == redirect_uris + end end |