summaryrefslogtreecommitdiff
path: root/test/web/admin_api/admin_api_controller_test.exs
diff options
context:
space:
mode:
Diffstat (limited to 'test/web/admin_api/admin_api_controller_test.exs')
-rw-r--r--test/web/admin_api/admin_api_controller_test.exs102
1 files changed, 78 insertions, 24 deletions
diff --git a/test/web/admin_api/admin_api_controller_test.exs b/test/web/admin_api/admin_api_controller_test.exs
index e4c152fb7..c9e228cc8 100644
--- a/test/web/admin_api/admin_api_controller_test.exs
+++ b/test/web/admin_api/admin_api_controller_test.exs
@@ -43,9 +43,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end
describe "with [:auth, :enforce_oauth_admin_scope_usage]," do
- clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
- Config.put([:auth, :enforce_oauth_admin_scope_usage], true)
- end
+ setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], true)
test "GET /api/pleroma/admin/users/:nickname requires admin:read:accounts or broader scope",
%{admin: admin} do
@@ -93,9 +91,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end
describe "unless [:auth, :enforce_oauth_admin_scope_usage]," do
- clear_config([:auth, :enforce_oauth_admin_scope_usage]) do
- Config.put([:auth, :enforce_oauth_admin_scope_usage], false)
- end
+ setup do: clear_config([:auth, :enforce_oauth_admin_scope_usage], false)
test "GET /api/pleroma/admin/users/:nickname requires " <>
"read:accounts or admin:read:accounts or broader scope",
@@ -581,13 +577,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end
describe "POST /api/pleroma/admin/email_invite, with valid config" do
- clear_config([:instance, :registrations_open]) do
- Config.put([:instance, :registrations_open], false)
- end
-
- clear_config([:instance, :invites_enabled]) do
- Config.put([:instance, :invites_enabled], true)
- end
+ setup do: clear_config([:instance, :registrations_open], false)
+ setup do: clear_config([:instance, :invites_enabled], true)
test "sends invitation and returns 204", %{admin: admin, conn: conn} do
recipient_email = "foo@bar.com"
@@ -638,8 +629,8 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end
describe "POST /api/pleroma/admin/users/email_invite, with invalid config" do
- clear_config([:instance, :registrations_open])
- clear_config([:instance, :invites_enabled])
+ setup do: clear_config([:instance, :registrations_open])
+ setup do: clear_config([:instance, :invites_enabled])
test "it returns 500 if `invites_enabled` is not enabled", %{conn: conn} do
Config.put([:instance, :registrations_open], false)
@@ -1888,9 +1879,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end
describe "GET /api/pleroma/admin/config" do
- clear_config(:configurable_from_database) do
- Config.put(:configurable_from_database, true)
- end
+ setup do: clear_config(:configurable_from_database, true)
test "when configuration from database is off", %{conn: conn} do
Config.put(:configurable_from_database, false)
@@ -2041,9 +2030,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end)
end
- clear_config(:configurable_from_database) do
- Config.put(:configurable_from_database, true)
- end
+ setup do: clear_config(:configurable_from_database, true)
@tag capture_log: true
test "create new config setting in db", %{conn: conn} do
@@ -3052,9 +3039,7 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end
describe "GET /api/pleroma/admin/restart" do
- clear_config(:configurable_from_database) do
- Config.put(:configurable_from_database, true)
- end
+ setup do: clear_config(:configurable_from_database, true)
test "pleroma restarts", %{conn: conn} do
capture_log(fn ->
@@ -3389,6 +3374,75 @@ defmodule Pleroma.Web.AdminAPI.AdminAPIControllerTest do
end
end
+ describe "GET /users/:nickname/credentials" do
+ test "gets the user credentials", %{conn: conn} do
+ user = insert(:user)
+ conn = get(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials")
+
+ response = assert json_response(conn, 200)
+ assert response["email"] == user.email
+ end
+
+ test "returns 403 if requested by a non-admin" do
+ user = insert(:user)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> get("/api/pleroma/admin/users/#{user.nickname}/credentials")
+
+ assert json_response(conn, :forbidden)
+ end
+ end
+
+ describe "PATCH /users/:nickname/credentials" do
+ test "changes password and email", %{conn: conn, admin: admin} do
+ user = insert(:user)
+ assert user.password_reset_pending == false
+
+ conn =
+ patch(conn, "/api/pleroma/admin/users/#{user.nickname}/credentials", %{
+ "password" => "new_password",
+ "email" => "new_email@example.com",
+ "name" => "new_name"
+ })
+
+ assert json_response(conn, 200) == %{"status" => "success"}
+
+ ObanHelpers.perform_all()
+
+ updated_user = User.get_by_id(user.id)
+
+ assert updated_user.email == "new_email@example.com"
+ assert updated_user.name == "new_name"
+ assert updated_user.password_hash != user.password_hash
+ assert updated_user.password_reset_pending == true
+
+ [log_entry2, log_entry1] = ModerationLog |> Repo.all() |> Enum.sort()
+
+ assert ModerationLog.get_log_entry_message(log_entry1) ==
+ "@#{admin.nickname} updated users: @#{user.nickname}"
+
+ assert ModerationLog.get_log_entry_message(log_entry2) ==
+ "@#{admin.nickname} forced password reset for users: @#{user.nickname}"
+ end
+
+ test "returns 403 if requested by a non-admin" do
+ user = insert(:user)
+
+ conn =
+ build_conn()
+ |> assign(:user, user)
+ |> patch("/api/pleroma/admin/users/#{user.nickname}/credentials", %{
+ "password" => "new_password",
+ "email" => "new_email@example.com",
+ "name" => "new_name"
+ })
+
+ assert json_response(conn, :forbidden)
+ end
+ end
+
describe "PATCH /users/:nickname/force_password_reset" do
test "sets password_reset_pending to true", %{conn: conn} do
user = insert(:user)
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-27 18:05:13 +0000