6 files changed, 198 insertions, 3 deletions

diff --git a/test/support/factory.ex b/test/support/factory.ex
index 5cf456e3c..6c48d390f 100644
--- a/test/support/factory.ex
+++ b/test/support/factory.ex
@@ -146,4 +146,15 @@ defmodule Pleroma.Factory do
       subscribers: []
     }
   end
+
+  def oauth_app_factory do
+    %Pleroma.Web.OAuth.App{
+      client_name: "Some client",
+      redirect_uris: "https://example.com/callback",
+      scopes: "read",
+      website: "https://example.com",
+      client_id: "aaabbb==",
+      client_secret: "aaa;/&bbb"
+    }
+  end
 end
diff --git a/test/web/activity_pub/activity_pub_controller_test.exs b/test/web/activity_pub/activity_pub_controller_test.exs
index 305f9d0e0..bbf89136b 100644
--- a/test/web/activity_pub/activity_pub_controller_test.exs
+++ b/test/web/activity_pub/activity_pub_controller_test.exs
@@ -4,7 +4,6 @@ defmodule Pleroma.Web.ActivityPub.ActivityPubControllerTest do
   alias Pleroma.Web.ActivityPub.{UserView, ObjectView}
   alias Pleroma.{Repo, User}
   alias Pleroma.Activity
-  alias Pleroma.Web.CommonAPI
 
   describe "/users/:nickname" do
     test "it returns a json representation of the user", %{conn: conn} do
diff --git a/test/web/mastodon_api/mastodon_api_controller_test.exs b/test/web/mastodon_api/mastodon_api_controller_test.exs
index 2abcf0dfe..1291c3693 100644
--- a/test/web/mastodon_api/mastodon_api_controller_test.exs
+++ b/test/web/mastodon_api/mastodon_api_controller_test.exs
@@ -505,6 +505,18 @@ defmodule Pleroma.Web.MastodonAPI.MastodonAPIControllerTest do
 
       assert to_string(activity.id) == id
     end
+
+    test "returns 500 for a wrong id", %{conn: conn} do
+      user = insert(:user)
+
+      resp =
+        conn
+        |> assign(:user, user)
+        |> post("/api/v1/statuses/1/favourite")
+        |> json_response(500)
+
+      assert resp == "Something went wrong"
+    end
   end
 
   describe "unfavoriting" do
diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
new file mode 100644
index 000000000..3a902f128
--- /dev/null
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -0,0 +1,113 @@
+defmodule Pleroma.Web.OAuth.OAuthControllerTest do
+  use Pleroma.Web.ConnCase
+  import Pleroma.Factory
+
+  alias Pleroma.Repo
+  alias Pleroma.Web.OAuth.{Authorization, Token}
+
+  test "redirects with oauth authorization" do
+    user = insert(:user)
+    app = insert(:oauth_app)
+
+    conn =
+      build_conn()
+      |> post("/oauth/authorize", %{
+        "authorization" => %{
+          "name" => user.nickname,
+          "password" => "test",
+          "client_id" => app.client_id,
+          "redirect_uri" => app.redirect_uris,
+          "state" => "statepassed"
+        }
+      })
+
+    target = redirected_to(conn)
+    assert target =~ app.redirect_uris
+
+    query = URI.parse(target).query |> URI.query_decoder() |> Map.new()
+
+    assert %{"state" => "statepassed", "code" => code} = query
+    assert Repo.get_by(Authorization, token: code)
+  end
+
+  test "issues a token for an all-body request" do
+    user = insert(:user)
+    app = insert(:oauth_app)
+
+    {:ok, auth} = Authorization.create_authorization(app, user)
+
+    conn =
+      build_conn()
+      |> post("/oauth/token", %{
+        "grant_type" => "authorization_code",
+        "code" => auth.token,
+        "redirect_uri" => app.redirect_uris,
+        "client_id" => app.client_id,
+        "client_secret" => app.client_secret
+      })
+
+    assert %{"access_token" => token} = json_response(conn, 200)
+    assert Repo.get_by(Token, token: token)
+  end
+
+  test "issues a token for request with HTTP basic auth client credentials" do
+    user = insert(:user)
+    app = insert(:oauth_app)
+
+    {:ok, auth} = Authorization.create_authorization(app, user)
+
+    app_encoded =
+      (URI.encode_www_form(app.client_id) <> ":" <> URI.encode_www_form(app.client_secret))
+      |> Base.encode64()
+
+    conn =
+      build_conn()
+      |> put_req_header("authorization", "Basic " <> app_encoded)
+      |> post("/oauth/token", %{
+        "grant_type" => "authorization_code",
+        "code" => auth.token,
+        "redirect_uri" => app.redirect_uris
+      })
+
+    assert %{"access_token" => token} = json_response(conn, 200)
+    assert Repo.get_by(Token, token: token)
+  end
+
+  test "rejects token exchange with invalid client credentials" do
+    user = insert(:user)
+    app = insert(:oauth_app)
+
+    {:ok, auth} = Authorization.create_authorization(app, user)
+
+    conn =
+      build_conn()
+      |> put_req_header("authorization", "Basic JTIxOiVGMCU5RiVBNCVCNwo=")
+      |> post("/oauth/token", %{
+        "grant_type" => "authorization_code",
+        "code" => auth.token,
+        "redirect_uri" => app.redirect_uris
+      })
+
+    assert resp = json_response(conn, 400)
+    assert %{"error" => _} = resp
+    refute Map.has_key?(resp, "access_token")
+  end
+
+  test "rejects an invalid authorization code" do
+    app = insert(:oauth_app)
+
+    conn =
+      build_conn()
+      |> post("/oauth/token", %{
+        "grant_type" => "authorization_code",
+        "code" => "Imobviouslyinvalid",
+        "redirect_uri" => app.redirect_uris,
+        "client_id" => app.client_id,
+        "client_secret" => app.client_secret
+      })
+
+    assert resp = json_response(conn, 400)
+    assert %{"error" => _} = json_response(conn, 400)
+    refute Map.has_key?(resp, "access_token")
+  end
+end
diff --git a/test/web/ostatus/ostatus_controller_test.exs b/test/web/ostatus/ostatus_controller_test.exs
index faee4fc3e..d5adf3bf3 100644
--- a/test/web/ostatus/ostatus_controller_test.exs
+++ b/test/web/ostatus/ostatus_controller_test.exs
@@ -53,11 +53,21 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
     conn =
       conn
+      |> put_req_header("content-type", "application/atom+xml")
       |> get("/users/#{user.nickname}/feed.atom")
 
     assert response(conn, 200) =~ note_activity.data["object"]["content"]
   end
 
+  test "returns 404 for a missing feed", %{conn: conn} do
+    conn =
+      conn
+      |> put_req_header("content-type", "application/atom+xml")
+      |> get("/users/nonexisting/feed.atom")
+
+    assert response(conn, 404)
+  end
+
   test "gets an object", %{conn: conn} do
     note_activity = insert(:note_activity)
     user = User.get_by_ap_id(note_activity.data["actor"])
@@ -90,6 +100,16 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
     assert response(conn, 404)
   end
 
+  test "404s on nonexisting objects", %{conn: conn} do
+    url = "/objects/123"
+
+    conn =
+      conn
+      |> get(url)
+
+    assert response(conn, 404)
+  end
+
   test "gets an activity", %{conn: conn} do
     note_activity = insert(:note_activity)
     [_, uuid] = hd(Regex.scan(~r/.+\/([\w-]+)$/, note_activity.data["id"]))
@@ -114,6 +134,16 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
     assert response(conn, 404)
   end
 
+  test "404s on nonexistent activities", %{conn: conn} do
+    url = "/activities/123"
+
+    conn =
+      conn
+      |> get(url)
+
+    assert response(conn, 404)
+  end
+
   test "gets a notice", %{conn: conn} do
     note_activity = insert(:note_activity)
     url = "/notice/#{note_activity.id}"
@@ -135,4 +165,14 @@ defmodule Pleroma.Web.OStatus.OStatusControllerTest do
 
     assert response(conn, 404)
   end
+
+  test "404s a nonexisting notice", %{conn: conn} do
+    url = "/notice/123"
+
+    conn =
+      conn
+      |> get(url)
+
+    assert response(conn, 404)
+  end
 end
diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs
index 03e5824a9..68f4331df 100644
--- a/test/web/twitter_api/twitter_api_controller_test.exs
+++ b/test/web/twitter_api/twitter_api_controller_test.exs
@@ -260,7 +260,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
     test "with credentials", %{conn: conn, user: current_user} do
       other_user = insert(:user)
 
-      {:ok, activity} =
+      {:ok, _activity} =
         ActivityBuilder.insert(%{"to" => [current_user.ap_id]}, %{user: other_user})
 
       conn =
@@ -510,6 +510,24 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
 
       assert json_response(conn, 200)
     end
+
+    test "with credentials, invalid param", %{conn: conn, user: current_user} do
+      conn =
+        conn
+        |> with_credentials(current_user.nickname, "test")
+        |> post("/api/favorites/create/wrong.json")
+
+      assert json_response(conn, 400)
+    end
+
+    test "with credentials, invalid activity", %{conn: conn, user: current_user} do
+      conn =
+        conn
+        |> with_credentials(current_user.nickname, "test")
+        |> post("/api/favorites/create/1.json")
+
+      assert json_response(conn, 500)
+    end
   end
 
   describe "POST /api/favorites/destroy/:id" do
@@ -793,7 +811,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
   test "Convert newlines to <br> in bio", %{conn: conn} do
     user = insert(:user)
 
-    conn =
+    _conn =
       conn
       |> assign(:user, user)
       |> post("/api/account/update_profile.json", %{
@@ -904,6 +922,8 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do
         |> post("/api/pleroma/delete_account", %{"password" => "test"})
 
       assert json_response(conn, 200) == %{"status" => "success"}
+      # Wait a second for the started task to end
+      :timer.sleep(1000)
     end
   end
 end