From a3a9cec4835738216800d2cebd295fb8dbf10f34 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 5 Mar 2019 03:52:23 +0100 Subject: [Credo] fix Credo.Check.Readability.AliasOrder --- test/web/oauth/authorization_test.exs | 2 +- test/web/oauth/token_test.exs | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'test/web/oauth') diff --git a/test/web/oauth/authorization_test.exs b/test/web/oauth/authorization_test.exs index 306db2e62..d8b008437 100644 --- a/test/web/oauth/authorization_test.exs +++ b/test/web/oauth/authorization_test.exs @@ -4,8 +4,8 @@ defmodule Pleroma.Web.OAuth.AuthorizationTest do use Pleroma.DataCase - alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.App + alias Pleroma.Web.OAuth.Authorization import Pleroma.Factory setup do diff --git a/test/web/oauth/token_test.exs b/test/web/oauth/token_test.exs index 62444a0fa..ad2a49f09 100644 --- a/test/web/oauth/token_test.exs +++ b/test/web/oauth/token_test.exs @@ -4,10 +4,10 @@ defmodule Pleroma.Web.OAuth.TokenTest do use Pleroma.DataCase + alias Pleroma.Repo alias Pleroma.Web.OAuth.App alias Pleroma.Web.OAuth.Authorization alias Pleroma.Web.OAuth.Token - alias Pleroma.Repo import Pleroma.Factory -- cgit v1.2.3 From a070dd4a83788dfd76809d8b4ee4111b05cdff47 Mon Sep 17 00:00:00 2001 From: link0ff Date: Fri, 15 Mar 2019 16:28:46 +0200 Subject: Add tests for LDAP authorization --- test/web/oauth/ldap_authorization_test.exs | 187 +++++++++++++++++++++++++++++ 1 file changed, 187 insertions(+) create mode 100644 test/web/oauth/ldap_authorization_test.exs (limited to 'test/web/oauth') diff --git a/test/web/oauth/ldap_authorization_test.exs b/test/web/oauth/ldap_authorization_test.exs new file mode 100644 index 000000000..570e41f3e --- /dev/null +++ b/test/web/oauth/ldap_authorization_test.exs 
@@ -0,0 +1,187 @@ +# Pleroma: A lightweight social networking server +# Copyright © 2017-2019 Pleroma Authors +# SPDX-License-Identifier: AGPL-3.0-only + +defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do + use Pleroma.Web.ConnCase + alias Pleroma.Repo + alias Pleroma.Web.OAuth.Token + import Pleroma.Factory + import ExUnit.CaptureLog + import Mock + + setup_all do + ldap_authenticator = Pleroma.Config.get([Pleroma.Web.Auth.Authenticator]) + ldap_enabled = Pleroma.Config.get([:ldap, :enabled]) + + on_exit(fn -> + Pleroma.Config.put([Pleroma.Web.Auth.Authenticator], ldap_authenticator) + Pleroma.Config.put([:ldap, :enabled], ldap_enabled) + end) + + Pleroma.Config.put([Pleroma.Web.Auth.Authenticator], Pleroma.Web.Auth.LDAPAuthenticator) + Pleroma.Config.put([:ldap, :enabled], true) + + :ok + end + + test "authorizes the existing user using LDAP credentials" do + password = "testpassword" + user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) + app = insert(:oauth_app, scopes: ["read", "write"]) + + host = Pleroma.Config.get([:ldap, :host]) |> to_charlist + port = Pleroma.Config.get([:ldap, :port]) + + with_mocks [ + {:eldap, [], + [ + open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end, + simple_bind: fn _connection, _dn, ^password -> :ok end, + close: fn _connection -> + send(self(), :close_connection) + :ok + end + ]} + ] do + conn = + build_conn() + |> post("/oauth/token", %{ + "grant_type" => "password", + "username" => user.nickname, + "password" => password, + "client_id" => app.client_id, + "client_secret" => app.client_secret + }) + + assert %{"access_token" => token} = json_response(conn, 200) + + token = Repo.get_by(Token, token: token) + + assert token.user_id == user.id + assert_received :close_connection + end + end + + test "creates a new user after successful LDAP authorization" do + password = "testpassword" + user = build(:user) + app = insert(:oauth_app, scopes: ["read", "write"]) + + host = 
Pleroma.Config.get([:ldap, :host]) |> to_charlist + port = Pleroma.Config.get([:ldap, :port]) + + with_mocks [ + {:eldap, [], + [ + open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end, + simple_bind: fn _connection, _dn, ^password -> :ok end, + equalityMatch: fn _type, _value -> :ok end, + wholeSubtree: fn -> :ok end, + search: fn _connection, _options -> + {:ok, + {:eldap_search_result, [{:eldap_entry, '', [{'mail', [to_charlist(user.email)]}]}], + []}} + end, + close: fn _connection -> + send(self(), :close_connection) + :ok + end + ]} + ] do + conn = + build_conn() + |> post("/oauth/token", %{ + "grant_type" => "password", + "username" => user.nickname, + "password" => password, + "client_id" => app.client_id, + "client_secret" => app.client_secret + }) + + assert %{"access_token" => token} = json_response(conn, 200) + + token = Repo.get_by(Token, token: token) |> Repo.preload(:user) + + assert token.user.nickname == user.nickname + assert_received :close_connection + end + end + + test "falls back to the default authorization when LDAP is unavailable" do + password = "testpassword" + user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) + app = insert(:oauth_app, scopes: ["read", "write"]) + + host = Pleroma.Config.get([:ldap, :host]) |> to_charlist + port = Pleroma.Config.get([:ldap, :port]) + + with_mocks [ + {:eldap, [], + [ + open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:error, 'connect failed'} end, + simple_bind: fn _connection, _dn, ^password -> :ok end, + close: fn _connection -> + send(self(), :close_connection) + :ok + end + ]} + ] do + log = + capture_log(fn -> + conn = + build_conn() + |> post("/oauth/token", %{ + "grant_type" => "password", + "username" => user.nickname, + "password" => password, + "client_id" => app.client_id, + "client_secret" => app.client_secret + }) + + assert %{"access_token" => token} = json_response(conn, 200) + + token = Repo.get_by(Token, token: token) + + assert 
token.user_id == user.id + end) + + assert log =~ "Could not open LDAP connection: 'connect failed'" + refute_received :close_connection + end + end + + test "disallow authorization for wrong LDAP credentials" do + password = "testpassword" + user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) + app = insert(:oauth_app, scopes: ["read", "write"]) + + host = Pleroma.Config.get([:ldap, :host]) |> to_charlist + port = Pleroma.Config.get([:ldap, :port]) + + with_mocks [ + {:eldap, [], + [ + open: fn [^host], [{:port, ^port}, {:ssl, false} | _] -> {:ok, self()} end, + simple_bind: fn _connection, _dn, ^password -> {:error, :invalidCredentials} end, + close: fn _connection -> + send(self(), :close_connection) + :ok + end + ]} + ] do + conn = + build_conn() + |> post("/oauth/token", %{ + "grant_type" => "password", + "username" => user.nickname, + "password" => password, + "client_id" => app.client_id, + "client_secret" => app.client_secret + }) + + assert %{"error" => "Invalid credentials"} = json_response(conn, 400) + assert_received :close_connection + end + end +end -- cgit v1.2.3 From e0edc706cfe1a625ce5bf35e1935cfdc8b251edc Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 16 Mar 2019 01:12:50 +0000 Subject: oauth: add me property to token responses --- test/web/oauth/oauth_controller_test.exs | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'test/web/oauth') diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index ed94416ff..ff1e56fe9 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs 
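Review bot: The test "falls back to the default authorization when LDAP is unavailable" pins fail-open behaviour without saying it is intended: when the mocked `:eldap.open` returns `{:error, 'connect failed'}`, the locally stored `password_hash` is still accepted and a token is issued. If that is the design, a comment above the test such as `# Intentional: when the directory is unreachable the local password hash is still accepted` would make the trade-off visible to whoever changes the authenticator, which is not part of this patch. Every `open` mock also matches `{:ssl, false}` and every `simple_bind` mock ignores `_dn`, so neither a TLS-enabled connection nor the DN built from the submitted username is covered. Matching the expected DN in place of `_dn` and adding one case with SSL enabled would close that gap.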
@@ -132,11 +132,12 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do "client_secret" => app.client_secret }) - assert %{"access_token" => token} = json_response(conn, 200) + assert %{"access_token" => token, "me" => ap_id} = json_response(conn, 200) token = Repo.get_by(Token, token: token) assert token assert token.scopes == auth.scopes + assert user.ap_id == ap_id end test "issues a token for `password` grant_type with valid credentials, with full permissions by default" do -- cgit v1.2.3 From 40134598a88ec9123696bf42e49332520c9c7b6e Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sat, 16 Mar 2019 04:05:19 +0000 Subject: test: fix defective ldap setup/teardown --- test/web/oauth/ldap_authorization_test.exs | 8 +++++--- 1 file changed, 5 insertions(+), 3 deletions(-) (limited to 'test/web/oauth') diff --git a/test/web/oauth/ldap_authorization_test.exs b/test/web/oauth/ldap_authorization_test.exs index 570e41f3e..5bf7eb93c 100644 --- a/test/web/oauth/ldap_authorization_test.exs +++ b/test/web/oauth/ldap_authorization_test.exs @@ -11,15 +11,17 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do import Mock setup_all do - ldap_authenticator = Pleroma.Config.get([Pleroma.Web.Auth.Authenticator]) + ldap_authenticator = + Pleroma.Config.get(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.PleromaAuthenticator) + ldap_enabled = Pleroma.Config.get([:ldap, :enabled]) on_exit(fn -> - Pleroma.Config.put([Pleroma.Web.Auth.Authenticator], ldap_authenticator) + Pleroma.Config.put(Pleroma.Web.Auth.Authenticator, ldap_authenticator) Pleroma.Config.put([:ldap, :enabled], ldap_enabled) end) - Pleroma.Config.put([Pleroma.Web.Auth.Authenticator], Pleroma.Web.Auth.LDAPAuthenticator) + Pleroma.Config.put(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.LDAPAuthenticator) Pleroma.Config.put([:ldap, :enabled], true) :ok -- cgit v1.2.3 From f858df819bf619bada7468f48b945cfab7f52ad0 Mon Sep 17 00:00:00 2001 
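Review bot: The new `"me"` assertion covers only this one test, whose start is outside the hunk. The password-grant test that begins on the hunk's last line is untouched, so if its token response also carries `me`, that path stays unchecked; its body is not visible here, so this is inferred. Since `me` tells the client which account the token belongs to, it is worth asserting wherever a token response is asserted. The comparison would also read more conventionally with the value under test on the left, `assert ap_id == user.ap_id`.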
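Review bot: `ldap_authenticator` holds the authenticator that was configured before the module ran (defaulting to `Pleroma.Web.Auth.PleromaAuthenticator`), not the LDAP one, so the `on_exit` restore reads backwards. `previous_authenticator` and `previous_ldap_enabled` would say what the values are. A short comment on `setup_all`, for example `# Swaps the global authenticator for this module; on_exit restores the previous values`, would also flag that this is shared application config. The module presumably must not run concurrently with other tests that authenticate. The closing `end` of `setup_all` is outside the hunk.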
From: link0ff Date: Thu, 21 Mar 2019 12:31:16 +0200 Subject: Skip tests in LDAPAuthorizationTest if :eldap module is unavailable --- test/web/oauth/ldap_authorization_test.exs | 6 ++++++ 1 file changed, 6 insertions(+) (limited to 'test/web/oauth') diff --git a/test/web/oauth/ldap_authorization_test.exs b/test/web/oauth/ldap_authorization_test.exs index 5bf7eb93c..0eb191c76 100644 --- a/test/web/oauth/ldap_authorization_test.exs +++ b/test/web/oauth/ldap_authorization_test.exs @@ -10,6 +10,8 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do import ExUnit.CaptureLog import Mock + @skip if !Code.ensure_loaded?(:eldap), do: :skip + setup_all do ldap_authenticator = Pleroma.Config.get(Pleroma.Web.Auth.Authenticator, Pleroma.Web.Auth.PleromaAuthenticator) @@ -27,6 +29,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do :ok end + @tag @skip test "authorizes the existing user using LDAP credentials" do password = "testpassword" user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) @@ -65,6 +68,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do end end + @tag @skip test "creates a new user after successful LDAP authorization" do password = "testpassword" user = build(:user) @@ -110,6 +114,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do end end + @tag @skip test "falls back to the default authorization when LDAP is unavailable" do password = "testpassword" user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) @@ -153,6 +158,7 @@ defmodule Pleroma.Web.OAuth.LDAPAuthorizationTest do end end + @tag @skip test "disallow authorization for wrong LDAP credentials" do password = "testpassword" user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) -- cgit v1.2.3 From 263ca3dea2620aa54d3b21b286e1bc1f8f3ed998 Mon Sep 17 00:00:00 2001 
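Review bot: `@skip if !Code.ensure_loaded?(:eldap), do: :skip` lets all four LDAP authentication tests drop out on a build without `:eldap` while the run still passes, so a regression in the LDAP login path can go unnoticed in CI. Giving the skip a reason makes the gap visible in the test output, something like `@skip if !Code.ensure_loaded?(:eldap), do: [skip: ":eldap is not available"], else: []`. The `else: []` matters because, as written, the attribute is `nil` when `:eldap` is present, and each `@tag @skip` then appears to register a tag named `nil` rather than no tag. A comment above the attribute, `# LDAP tests need OTP's :eldap; CI should run on a build that ships it`, would record the expectation. The bodies of the tagged tests continue outside these hunks.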
From: Ivan Tashkinov Date: Tue, 26 Mar 2019 15:09:06 +0300 Subject: Mastodon-based auth error messages. Defaulted User#auth_active?/1 to `true`. --- test/web/oauth/oauth_controller_test.exs | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'test/web/oauth') diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index ff1e56fe9..84ec7b4ee 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -87,7 +87,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert result =~ app.redirect_uris # Error message - assert result =~ "Permissions not specified" + assert result =~ "This action is outside the authorized scopes" end test "returns 401 for scopes beyond app scopes", %{conn: conn} do @@ -113,7 +113,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert result =~ app.redirect_uris # Error message - assert result =~ "Permissions not specified" + assert result =~ "This action is outside the authorized scopes" end test "issues a token for an all-body request" do -- cgit v1.2.3