From 1825118fd46883cb2a9132b039925c160ad7e57b Mon Sep 17 00:00:00 2001
From: lain <lain@soykaf.club>
Date: Mon, 28 Jan 2019 11:41:47 +0100
Subject: Correctly handle invalid credentials on auth login.

Closes #407
---
 test/web/oauth/oauth_controller_test.exs | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

(limited to 'test/web/oauth/oauth_controller_test.exs')

diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index ccd552258..e0d3cb55f 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -34,6 +34,31 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
     assert Repo.get_by(Authorization, token: code)
   end
 
+  test "correctly handles wrong credentials", %{conn: conn} do
+    user = insert(:user)
+    app = insert(:oauth_app)
+
+    result =
+      conn
+      |> post("/oauth/authorize", %{
+        "authorization" => %{
+          "name" => user.nickname,
+          "password" => "wrong",
+          "client_id" => app.client_id,
+          "redirect_uri" => app.redirect_uris,
+          "state" => "statepassed"
+        }
+      })
+      |> html_response(:unauthorized)
+
+    # Keep the details
+    assert result =~ app.client_id
+    assert result =~ app.redirect_uris
+
+    # Error message
+    assert result =~ "Invalid"
+  end
+
   test "issues a token for an all-body request" do
     user = insert(:user)
     app = insert(:oauth_app)
-- 
cgit v1.2.3


From 8bb7e19b3814e261e66c2d3592d146f72d4ce623 Mon Sep 17 00:00:00 2001
From: "Haelwenn (lanodan) Monnier" <contact@hacktivis.me>
Date: Sun, 10 Feb 2019 22:57:38 +0100
Subject: test: de-group alias/es

---
 test/web/oauth/oauth_controller_test.exs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'test/web/oauth/oauth_controller_test.exs')

diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs
index e0d3cb55f..2315f9a34 100644
--- a/test/web/oauth/oauth_controller_test.exs
+++ b/test/web/oauth/oauth_controller_test.exs
@@ -7,7 +7,8 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do
   import Pleroma.Factory
 
   alias Pleroma.Repo
-  alias Pleroma.Web.OAuth.{Authorization, Token}
+  alias Pleroma.Web.OAuth.Authorization
+  alias Pleroma.Web.OAuth.Token
 
   test "redirects with oauth authorization" do
     user = insert(:user)
-- 
cgit v1.2.3