diff options
| author | Egor Kislitsyn <egor@kislitsyn.com> | 2019-04-08 16:29:20 +0700 | 
|---|---|---|
| committer | Egor Kislitsyn <egor@kislitsyn.com> | 2019-04-08 16:29:20 +0700 | 
| commit | a1a854646e96598473ed7a323e034cf1f88ca508 (patch) | |
| tree | 4a427437c7c444fdfd2bb99dc012a7008d9bb0fe /test | |
| parent | 1c2e4f88d1a707791818014f8bcdedd986c2fa75 (diff) | |
| parent | fb2040d06199f2f4190ff363da54d6fcfa87ff69 (diff) | |
| download | pleroma-a1a854646e96598473ed7a323e034cf1f88ca508.tar.gz pleroma-a1a854646e96598473ed7a323e034cf1f88ca508.zip | |
Merge branch 'develop' into use-jobs-in-webpush
Diffstat (limited to 'test')
| -rw-r--r-- | test/plugs/legacy_authentication_plug_test.exs | 18 | ||||
| -rw-r--r-- | test/support/factory.ex | 10 | ||||
| -rw-r--r-- | test/web/admin_api/admin_api_controller_test.exs | 46 | ||||
| -rw-r--r-- | test/web/mastodon_api/mastodon_api_controller_test.exs | 67 | ||||
| -rw-r--r-- | test/web/oauth/oauth_controller_test.exs | 26 | 
5 files changed, 159 insertions, 8 deletions
| diff --git a/test/plugs/legacy_authentication_plug_test.exs b/test/plugs/legacy_authentication_plug_test.exs index 302662797..8b0b06772 100644 --- a/test/plugs/legacy_authentication_plug_test.exs +++ b/test/plugs/legacy_authentication_plug_test.exs @@ -47,16 +47,18 @@ defmodule Pleroma.Plugs.LegacyAuthenticationPlugTest do        |> assign(:auth_user, user)      conn = -      with_mock User, -        reset_password: fn user, %{password: password, password_confirmation: password} -> -          send(self(), :reset_password) -          {:ok, user} -        end do -        conn -        |> LegacyAuthenticationPlug.call(%{}) +      with_mocks([ +        {:crypt, [], [crypt: fn _password, password_hash -> password_hash end]}, +        {User, [], +         [ +           reset_password: fn user, %{password: password, password_confirmation: password} -> +             {:ok, user} +           end +         ]} +      ]) do +        LegacyAuthenticationPlug.call(conn, %{})        end -    assert_received :reset_password      assert conn.assigns.user == user    end diff --git a/test/support/factory.ex b/test/support/factory.ex index e1a08315a..b37bc2c07 100644 --- a/test/support/factory.ex +++ b/test/support/factory.ex @@ -240,6 +240,16 @@ defmodule Pleroma.Factory do      }    end +  def oauth_authorization_factory do +    %Pleroma.Web.OAuth.Authorization{ +      token: :crypto.strong_rand_bytes(32) |> Base.url_encode64(padding: false), +      scopes: ["read", "write", "follow", "push"], +      valid_until: NaiveDateTime.add(NaiveDateTime.utc_now(), 60 * 10), +      user: build(:user), +      app: build(:oauth_app) +    } +  end +    def push_subscription_factory do      %Pleroma.Web.Push.Subscription{        user: build(:user), diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs index acae64361..dd2fbfb15 100644 --- a/test/web/admin_api/admin_api_controller_test.exs +++ b/test/web/admin_api/admin_api_controller_test.exs @@ -74,6 +74,52 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do      end    end +  describe "/api/pleroma/admin/user/follow" do +    test "allows to force-follow another user" do +      admin = insert(:user, info: %{is_admin: true}) +      user = insert(:user) +      follower = insert(:user) + +      conn = +        build_conn() +        |> assign(:user, admin) +        |> put_req_header("accept", "application/json") +        |> post("/api/pleroma/admin/user/follow", %{ +          "follower" => follower.nickname, +          "followed" => user.nickname +        }) + +      user = User.get_by_id(user.id) +      follower = User.get_by_id(follower.id) + +      assert User.following?(follower, user) +    end +  end + +  describe "/api/pleroma/admin/user/unfollow" do +    test "allows to force-unfollow another user" do +      admin = insert(:user, info: %{is_admin: true}) +      user = insert(:user) +      follower = insert(:user) + +      User.follow(follower, user) + +      conn = +        build_conn() +        |> assign(:user, admin) +        |> put_req_header("accept", "application/json") +        |> post("/api/pleroma/admin/user/unfollow", %{ +          "follower" => follower.nickname, +          "followed" => user.nickname +        }) + +      user = User.get_by_id(user.id) +      follower = User.get_by_id(follower.id) + +      refute User.following?(follower, user) +    end +  end +    describe "PUT /api/pleroma/admin/users/tag" do      setup do        admin = insert(:user, info: %{is_admin: true}) diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs index 6060cc97f..438e9507d 100644 --- a/test/web/mastodon_api/mastodon_api_controller_test.exs +++ b/test/web/mastodon_api/mastodon_api_controller_test.exs @@ -2340,4 +2340,71 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do      refute acc_one == acc_two      assert acc_two == acc_three    end + +  describe "index/2 redirections" do +    setup %{conn: conn} do +      session_opts = [ +        store: :cookie, +        key: "_test", +        signing_salt: "cooldude" +      ] + +      conn = +        conn +        |> Plug.Session.call(Plug.Session.init(session_opts)) +        |> fetch_session() + +      test_path = "/web/statuses/test" +      %{conn: conn, path: test_path} +    end + +    test "redirects not logged-in users to the login page", %{conn: conn, path: path} do +      conn = get(conn, path) + +      assert conn.status == 302 +      assert redirected_to(conn) == "/web/login" +    end + +    test "does not redirect logged in users to the login page", %{conn: conn, path: path} do +      token = insert(:oauth_token) + +      conn = +        conn +        |> assign(:user, token.user) +        |> put_session(:oauth_token, token.token) +        |> get(path) + +      assert conn.status == 200 +    end + +    test "saves referer path to session", %{conn: conn, path: path} do +      conn = get(conn, path) +      return_to = Plug.Conn.get_session(conn, :return_to) + +      assert return_to == path +    end + +    test "redirects to the saved path after log in", %{conn: conn, path: path} do +      app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") +      auth = insert(:oauth_authorization, app: app) + +      conn = +        conn +        |> put_session(:return_to, path) +        |> get("/web/login", %{code: auth.token}) + +      assert conn.status == 302 +      assert redirected_to(conn) == path +    end + +    test "redirects to the getting-started page when referer is not present", %{conn: conn} do +      app = insert(:oauth_app, client_name: "Mastodon-Local", redirect_uris: ".") +      auth = insert(:oauth_authorization, app: app) + +      conn = get(conn, "/web/login", %{code: auth.token}) + +      assert conn.status == 302 +      assert redirected_to(conn) == "/web/getting-started" +    end +  end  end diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index a9a0b9ed4..a68528420 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -327,6 +327,32 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do        refute Map.has_key?(resp, "access_token")      end +    test "rejects token exchange for valid credentials belonging to deactivated user" do +      password = "testpassword" + +      user = +        insert(:user, +          password_hash: Comeonin.Pbkdf2.hashpwsalt(password), +          info: %{deactivated: true} +        ) + +      app = insert(:oauth_app) + +      conn = +        build_conn() +        |> post("/oauth/token", %{ +          "grant_type" => "password", +          "username" => user.nickname, +          "password" => password, +          "client_id" => app.client_id, +          "client_secret" => app.client_secret +        }) + +      assert resp = json_response(conn, 403) +      assert %{"error" => _} = resp +      refute Map.has_key?(resp, "access_token") +    end +      test "rejects an invalid authorization code" do        app = insert(:oauth_app) | 
