diff options
| author | feld <feld@feld.me> | 2024-09-05 21:19:09 +0000 |
|---|---|---|
| committer | feld <feld@feld.me> | 2024-09-05 21:19:09 +0000 |
| commit | 25db1a5d671e64e18af2d49e397438213419aef6 (patch) | |
| tree | 60429fabbd88f1fbd21ecde1821039f4920b2ee7 /test | |
| parent | fbcfbde833b48f880fd4f55314e0d2a51186701b (diff) | |
| parent | 1797f5958a92f78dc79c5bf313755b16319c5d2d (diff) | |
| download | pleroma-25db1a5d671e64e18af2d49e397438213419aef6.tar.gz pleroma-25db1a5d671e64e18af2d49e397438213419aef6.zip | |
Merge branch 'oauth-app-spam2' into 'develop'
OAuth App Spam, revisited
See merge request pleroma/pleroma!4250
Diffstat (limited to 'test')
| -rw-r--r-- | test/pleroma/web/o_auth/app_test.exs | 17 | ||||
| -rw-r--r-- | test/pleroma/web/o_auth/o_auth_controller_test.exs | 8 |
2 files changed, 25 insertions, 0 deletions
diff --git a/test/pleroma/web/o_auth/app_test.exs b/test/pleroma/web/o_auth/app_test.exs index 96a67de6b..44219cf90 100644 --- a/test/pleroma/web/o_auth/app_test.exs +++ b/test/pleroma/web/o_auth/app_test.exs @@ -53,4 +53,21 @@ defmodule Pleroma.Web.OAuth.AppTest do assert Enum.sort(App.get_user_apps(user)) == Enum.sort(apps) end + + test "removes orphaned apps" do + attrs = %{client_name: "Mastodon-Local", redirect_uris: "."} + {:ok, %App{} = old_app} = App.get_or_make(attrs, ["write"]) + + attrs = %{client_name: "PleromaFE", redirect_uris: "."} + {:ok, %App{} = app} = App.get_or_make(attrs, ["write"]) + + # backdate the old app so it's within the threshold for being cleaned up + {:ok, _} = + "UPDATE apps SET inserted_at = now() - interval '1 hour' WHERE id = #{old_app.id}" + |> Pleroma.Repo.query() + + App.remove_orphans() + + assert [app] == Pleroma.Repo.all(App) + end end diff --git a/test/pleroma/web/o_auth/o_auth_controller_test.exs b/test/pleroma/web/o_auth/o_auth_controller_test.exs index 83a08d9fc..260442771 100644 --- a/test/pleroma/web/o_auth/o_auth_controller_test.exs +++ b/test/pleroma/web/o_auth/o_auth_controller_test.exs @@ -12,6 +12,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do alias Pleroma.MFA.TOTP alias Pleroma.Repo alias Pleroma.User + alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.OAuthController alias Pleroma.Web.OAuth.Token @@ -770,6 +771,9 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do {:ok, auth} = Authorization.create_authorization(app, user, ["write"]) + # Verify app has no associated user yet + assert %Pleroma.Web.OAuth.App{user_id: nil} = Repo.get_by(App, %{id: app.id}) + conn = build_conn() |> post("/oauth/token", %{ @@ -786,6 +790,10 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert token assert token.scopes == auth.scopes assert user.ap_id == ap_id + + # Verify app has an associated user now + user_id = user.id + assert %Pleroma.Web.OAuth.App{user_id: ^user_id} = Repo.get_by(App, %{id: app.id}) end test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do |