summaryrefslogtreecommitdiff
path: root/test/web
diff options
context:
space:
mode:
Diffstat (limited to 'test/web')
-rw-r--r--test/web/activity_pub/side_effects_test.exs12
-rw-r--r--test/web/auth/basic_auth_test.exs46
2 files changed, 56 insertions, 2 deletions
diff --git a/test/web/activity_pub/side_effects_test.exs b/test/web/activity_pub/side_effects_test.exs
index b67bd14b3..0b6b55156 100644
--- a/test/web/activity_pub/side_effects_test.exs
+++ b/test/web/activity_pub/side_effects_test.exs
@@ -5,7 +5,9 @@
defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
use Pleroma.DataCase
+ alias Pleroma.Notification
alias Pleroma.Object
+ alias Pleroma.Repo
alias Pleroma.Web.ActivityPub.ActivityPub
alias Pleroma.Web.ActivityPub.Builder
alias Pleroma.Web.ActivityPub.SideEffects
@@ -15,13 +17,14 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
describe "like objects" do
setup do
+ poster = insert(:user)
user = insert(:user)
- {:ok, post} = CommonAPI.post(user, %{"status" => "hey"})
+ {:ok, post} = CommonAPI.post(poster, %{"status" => "hey"})
{:ok, like_data, _meta} = Builder.like(user, post.object)
{:ok, like, _meta} = ActivityPub.persist(like_data, local: true)
- %{like: like, user: user}
+ %{like: like, user: user, poster: poster}
end
test "add the like to the original object", %{like: like, user: user} do
@@ -30,5 +33,10 @@ defmodule Pleroma.Web.ActivityPub.SideEffectsTest do
assert object.data["like_count"] == 1
assert user.ap_id in object.data["likes"]
end
+
+ test "creates a notification", %{like: like, poster: poster} do
+ {:ok, like, _} = SideEffects.handle(like)
+ assert Repo.get_by(Notification, user_id: poster.id, activity_id: like.id)
+ end
end
end
diff --git a/test/web/auth/basic_auth_test.exs b/test/web/auth/basic_auth_test.exs
new file mode 100644
index 000000000..64f8a6863
--- /dev/null
+++ b/test/web/auth/basic_auth_test.exs
@@ -0,0 +1,46 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
+defmodule Pleroma.Web.Auth.BasicAuthTest do
+ use Pleroma.Web.ConnCase
+
+ import Pleroma.Factory
+
+ test "with HTTP Basic Auth used, grants access to OAuth scope-restricted endpoints", %{
+ conn: conn
+ } do
+ user = insert(:user)
+ assert Comeonin.Pbkdf2.checkpw("test", user.password_hash)
+
+ basic_auth_contents =
+ (URI.encode_www_form(user.nickname) <> ":" <> URI.encode_www_form("test"))
+ |> Base.encode64()
+
+ # Succeeds with HTTP Basic Auth
+ response =
+ conn
+ |> put_req_header("authorization", "Basic " <> basic_auth_contents)
+ |> get("/api/v1/accounts/verify_credentials")
+ |> json_response(200)
+
+ user_nickname = user.nickname
+ assert %{"username" => ^user_nickname} = response
+
+ # Succeeds with a properly scoped OAuth token
+ valid_token = insert(:oauth_token, scopes: ["read:accounts"])
+
+ conn
+ |> put_req_header("authorization", "Bearer #{valid_token.token}")
+ |> get("/api/v1/accounts/verify_credentials")
+ |> json_response(200)
+
+ # Fails with a wrong-scoped OAuth token (proof of restriction)
+ invalid_token = insert(:oauth_token, scopes: ["read:something"])
+
+ conn
+ |> put_req_header("authorization", "Bearer #{invalid_token.token}")
+ |> get("/api/v1/accounts/verify_credentials")
+ |> json_response(403)
+ end
+end
generated by cgit v1.2.3 (git 2.25.1) at 2025-04-26 03:34:56 +0000