From aed0f902871524ecc1db0d8c088ce5939e7c685a Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 18 Dec 2018 14:07:05 +0300 Subject: [#114] Added `pleroma.confirmation_pending` to user views, adjusted view tests. --- test/web/mastodon_api/account_view_test.exs | 10 ++++++++-- test/web/twitter_api/views/user_view_test.exs | 20 ++++++++++++++++---- 2 files changed, 24 insertions(+), 6 deletions(-) (limited to 'test') diff --git a/test/web/mastodon_api/account_view_test.exs b/test/web/mastodon_api/account_view_test.exs index 3cb9b9c5b..fec97c700 100644 --- a/test/web/mastodon_api/account_view_test.exs +++ b/test/web/mastodon_api/account_view_test.exs @@ -55,7 +55,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do privacy: "public", sensitive: false }, - pleroma: %{tags: []} + pleroma: %{ + confirmation_pending: false, + tags: [] + } } assert expected == AccountView.render("account.json", %{user: user}) @@ -93,7 +96,10 @@ defmodule Pleroma.Web.MastodonAPI.AccountViewTest do privacy: "public", sensitive: false }, - pleroma: %{tags: []} + pleroma: %{ + confirmation_pending: false, + tags: [] + } } assert expected == AccountView.render("account.json", %{user: user}) diff --git a/test/web/twitter_api/views/user_view_test.exs b/test/web/twitter_api/views/user_view_test.exs index 34e6d4e27..0adc69ff9 100644 --- a/test/web/twitter_api/views/user_view_test.exs +++ b/test/web/twitter_api/views/user_view_test.exs @@ -96,7 +96,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "default_scope" => "public", "no_rich_text" => false, "fields" => [], - "pleroma" => %{"tags" => []} + "pleroma" => %{ + "confirmation_pending" => false, + "tags" => [] + } } assert represented == UserView.render("show.json", %{user: user}) @@ -138,7 +141,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "default_scope" => "public", "no_rich_text" => false, "fields" => [], - "pleroma" => %{"tags" => []} + "pleroma" => %{ + "confirmation_pending" => false, + "tags" => [] + } } assert represented == UserView.render("show.json", %{user: user, for: follower}) @@ -181,7 +187,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "default_scope" => "public", "no_rich_text" => false, "fields" => [], - "pleroma" => %{"tags" => []} + "pleroma" => %{ + "confirmation_pending" => false, + "tags" => [] + } } assert represented == UserView.render("show.json", %{user: follower, for: user}) @@ -231,7 +240,10 @@ defmodule Pleroma.Web.TwitterAPI.UserViewTest do "default_scope" => "public", "no_rich_text" => false, "fields" => [], - "pleroma" => %{"tags" => []} + "pleroma" => %{ + "confirmation_pending" => false, + "tags" => [] + } } blocker = Repo.get(User, blocker.id) -- cgit v1.2.3 From b096e30cffc79a4adf12be88da412a290cd0d190 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Tue, 18 Dec 2018 17:13:52 +0300 Subject: [#114] Added email confirmation resend action. Added tests for registration, authentication, email confirmation, confirmation resending. Made admin methods create confirmed users. --- test/user_test.exs | 42 ++++++++++++++ test/web/oauth/oauth_controller_test.exs | 50 +++++++++++++++++ .../twitter_api/twitter_api_controller_test.exs | 64 ++++++++++++++++++++++ test/web/twitter_api/twitter_api_test.exs | 25 +++++++++ 4 files changed, 181 insertions(+) (limited to 'test') diff --git a/test/user_test.exs b/test/user_test.exs index 1e73770df..b4d8174c6 100644 --- a/test/user_test.exs +++ b/test/user_test.exs @@ -177,6 +177,48 @@ defmodule Pleroma.UserTest do end end + describe "user registration, with :account_activation_required" do + @full_user_data %{ + bio: "A guy", + name: "my name", + nickname: "nick", + password: "test", + password_confirmation: "test", + email: "email@example.com" + } + + setup do + setting = Pleroma.Config.get([:instance, :account_activation_required]) + + unless setting do + Pleroma.Config.put([:instance, :account_activation_required], true) + on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end) + end + + :ok + end + + test "it creates unconfirmed user" do + changeset = User.register_changeset(%User{}, @full_user_data) + assert changeset.valid? + + {:ok, user} = Repo.insert(changeset) + + assert user.info.confirmation_pending + assert user.info.confirmation_token + end + + test "it creates confirmed user if :confirmed option is given" do + changeset = User.register_changeset(%User{}, @full_user_data, confirmed: true) + assert changeset.valid? + + {:ok, user} = Repo.insert(changeset) + + refute user.info.confirmation_pending + refute user.info.confirmation_token + end + end + describe "get_or_fetch/1" do test "gets an existing user by nickname" do user = insert(:user) diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index 3a902f128..55b471d8a 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -50,6 +50,26 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do assert Repo.get_by(Token, token: token) end + test "issues a token for `password` grant_type with valid credentials" do + password = "testpassword" + user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) + + app = insert(:oauth_app) + + conn = + build_conn() + |> post("/oauth/token", %{ + "grant_type" => "password", + "username" => user.nickname, + "password" => password, + "client_id" => app.client_id, + "client_secret" => app.client_secret + }) + + assert %{"access_token" => token} = json_response(conn, 200) + assert Repo.get_by(Token, token: token) + end + test "issues a token for request with HTTP basic auth client credentials" do user = insert(:user) app = insert(:oauth_app) @@ -93,6 +113,36 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do refute Map.has_key?(resp, "access_token") end + test "rejects token exchange for valid credentials belonging to unconfirmed user" do + password = "testpassword" + user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) + info_change = Pleroma.User.Info.confirmation_update(user.info, :unconfirmed) + + {:ok, user} = + user + |> Ecto.Changeset.change() + |> Ecto.Changeset.put_embed(:info, info_change) + |> Repo.update() + + refute Pleroma.User.auth_active?(user) + + app = insert(:oauth_app) + + conn = + build_conn() + |> post("/oauth/token", %{ + "grant_type" => "password", + "username" => user.nickname, + "password" => password, + "client_id" => app.client_id, + "client_secret" => app.client_secret + }) + + assert resp = json_response(conn, 403) + assert %{"error" => _} = resp + refute Map.has_key?(resp, "access_token") + end + test "rejects an invalid authorization code" do app = insert(:oauth_app) diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index c16c0cdc0..eb154608c 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -873,6 +873,70 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end end + describe "GET /api/account/confirm_email/:token" do + setup do + user = insert(:user) + info_change = User.Info.confirmation_update(user.info, :unconfirmed) + + {:ok, user} = + user + |> Changeset.change() + |> Changeset.put_embed(:info, info_change) + |> Repo.update() + + assert user.info.confirmation_pending + + [user: user] + end + + test "it redirects to root url", %{conn: conn, user: user} do + conn = get(conn, "/api/account/confirm_email/#{user.info.confirmation_token}") + + assert 302 == conn.status + end + + test "it confirms the user account", %{conn: conn, user: user} do + get(conn, "/api/account/confirm_email/#{user.info.confirmation_token}") + + user = Repo.get(User, user.id) + + refute user.info.confirmation_pending + refute user.info.confirmation_token + end + end + + describe "POST /api/account/resend_confirmation_email" do + setup do + user = insert(:user) + info_change = User.Info.confirmation_update(user.info, :unconfirmed) + + {:ok, user} = + user + |> Changeset.change() + |> Changeset.put_embed(:info, info_change) + |> Repo.update() + + assert user.info.confirmation_pending + + [user: user] + end + + test "it returns 204 No Content", %{conn: conn, user: user} do + conn + |> assign(:user, user) + |> post("/api/account/resend_confirmation_email?email=#{user.email}") + |> json_response(:no_content) + end + + test "it sends confirmation email", %{conn: conn, user: user} do + conn + |> assign(:user, user) + |> post("/api/account/resend_confirmation_email?email=#{user.email}") + + Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user)) + end + end + describe "GET /api/externalprofile/show" do test "it returns the user", %{conn: conn} do user = insert(:user) diff --git a/test/web/twitter_api/twitter_api_test.exs b/test/web/twitter_api/twitter_api_test.exs index 3d3a637b7..b7c89b605 100644 --- a/test/web/twitter_api/twitter_api_test.exs +++ b/test/web/twitter_api/twitter_api_test.exs @@ -275,6 +275,31 @@ defmodule Pleroma.Web.TwitterAPI.TwitterAPITest do UserView.render("show.json", %{user: fetched_user}) end + @moduletag skip: "needs 'account_activation_required: true' in config" + test "it sends confirmation email if :account_activation_required is specified in instance config" do + setting = Pleroma.Config.get([:instance, :account_activation_required]) + + unless setting do + Pleroma.Config.put([:instance, :account_activation_required], true) + on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end) + end + + data = %{ + "nickname" => "lain", + "email" => "lain@wired.jp", + "fullname" => "lain iwakura", + "bio" => "", + "password" => "bear", + "confirm" => "bear" + } + + {:ok, user} = TwitterAPI.register_user(data) + + assert user.info.confirmation_pending + + Swoosh.TestAssertions.assert_email_sent(Pleroma.UserEmail.account_confirmation_email(user)) + end + test "it registers a new user and parses mentions in the bio" do data1 = %{ "nickname" => "john", -- cgit v1.2.3 From 59fc5d15dfde0120fb10ec14631ad1115a6087a9 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 19 Dec 2018 16:27:16 +0300 Subject: [#114] User.Info: renamed `confirmation_update` to `confirmation_change`. --- test/web/oauth/oauth_controller_test.exs | 2 +- test/web/twitter_api/twitter_api_controller_test.exs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index 55b471d8a..26505bab7 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -116,7 +116,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do test "rejects token exchange for valid credentials belonging to unconfirmed user" do password = "testpassword" user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) - info_change = Pleroma.User.Info.confirmation_update(user.info, :unconfirmed) + info_change = Pleroma.User.Info.confirmation_change(user.info, :unconfirmed) {:ok, user} = user diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index eb154608c..a269c9757 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -876,7 +876,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do describe "GET /api/account/confirm_email/:token" do setup do user = insert(:user) - info_change = User.Info.confirmation_update(user.info, :unconfirmed) + info_change = User.Info.confirmation_change(user.info, :unconfirmed) {:ok, user} = user @@ -908,7 +908,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do describe "POST /api/account/resend_confirmation_email" do setup do user = insert(:user) - info_change = User.Info.confirmation_update(user.info, :unconfirmed) + info_change = User.Info.confirmation_change(user.info, :unconfirmed) {:ok, user} = user -- cgit v1.2.3 From 968d7490b689ba501a64f350841dc8f9b33b5244 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Wed, 19 Dec 2018 16:27:16 +0300 Subject: [#114] User.Info: renamed `confirmation_update` to `confirmation_changeset`. --- test/web/oauth/oauth_controller_test.exs | 2 +- test/web/twitter_api/twitter_api_controller_test.exs | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index 26505bab7..0621a8acc 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -116,7 +116,7 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do test "rejects token exchange for valid credentials belonging to unconfirmed user" do password = "testpassword" user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) - info_change = Pleroma.User.Info.confirmation_change(user.info, :unconfirmed) + info_change = Pleroma.User.Info.confirmation_changeset(user.info, :unconfirmed) {:ok, user} = user diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index a269c9757..53b390793 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -876,7 +876,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do describe "GET /api/account/confirm_email/:token" do setup do user = insert(:user) - info_change = User.Info.confirmation_change(user.info, :unconfirmed) + info_change = User.Info.confirmation_changeset(user.info, :unconfirmed) {:ok, user} = user @@ -908,7 +908,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do describe "POST /api/account/resend_confirmation_email" do setup do user = insert(:user) - info_change = User.Info.confirmation_change(user.info, :unconfirmed) + info_change = User.Info.confirmation_changeset(user.info, :unconfirmed) {:ok, user} = user -- cgit v1.2.3 From f69cbf4755b974de0303731327180bb51ed244fc Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 20 Dec 2018 13:41:30 +0300 Subject: [#114] Added :user_id component to email confirmation path to improve the security. Added tests for `confirm_email` action. --- test/web/twitter_api/twitter_api_controller_test.exs | 18 +++++++++++++++--- 1 file changed, 15 insertions(+), 3 deletions(-) (limited to 'test') diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 53b390793..16422c35a 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -873,7 +873,7 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end end - describe "GET /api/account/confirm_email/:token" do + describe "GET /api/account/confirm_email/:id/:token" do setup do user = insert(:user) info_change = User.Info.confirmation_changeset(user.info, :unconfirmed) @@ -890,19 +890,31 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do end test "it redirects to root url", %{conn: conn, user: user} do - conn = get(conn, "/api/account/confirm_email/#{user.info.confirmation_token}") + conn = get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}") assert 302 == conn.status end test "it confirms the user account", %{conn: conn, user: user} do - get(conn, "/api/account/confirm_email/#{user.info.confirmation_token}") + get(conn, "/api/account/confirm_email/#{user.id}/#{user.info.confirmation_token}") user = Repo.get(User, user.id) refute user.info.confirmation_pending refute user.info.confirmation_token end + + test "it returns 500 if user cannot be found by id", %{conn: conn, user: user} do + conn = get(conn, "/api/account/confirm_email/0/#{user.info.confirmation_token}") + + assert 500 == conn.status + end + + test "it returns 500 if token is invalid", %{conn: conn, user: user} do + conn = get(conn, "/api/account/confirm_email/#{user.id}/wrong_token") + + assert 500 == conn.status + end end describe "POST /api/account/resend_confirmation_email" do -- cgit v1.2.3 From 7cab7de9ff0432a582cfca0852a4b66fdd124c41 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 20 Dec 2018 14:48:48 +0300 Subject: [#114] Allowed unconfirmed users to authenticate if :account_activation_required is disabled prior to confirmation. Ensured that no confirmation emails are sent if :account_activation_required is not true. Adjusted tests. --- test/web/twitter_api/twitter_api_controller_test.exs | 7 +++++++ 1 file changed, 7 insertions(+) (limited to 'test') diff --git a/test/web/twitter_api/twitter_api_controller_test.exs b/test/web/twitter_api/twitter_api_controller_test.exs index 16422c35a..1324bcc71 100644 --- a/test/web/twitter_api/twitter_api_controller_test.exs +++ b/test/web/twitter_api/twitter_api_controller_test.exs @@ -919,6 +919,13 @@ defmodule Pleroma.Web.TwitterAPI.ControllerTest do describe "POST /api/account/resend_confirmation_email" do setup do + setting = Pleroma.Config.get([:instance, :account_activation_required]) + + unless setting do + Pleroma.Config.put([:instance, :account_activation_required], true) + on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end) + end + user = insert(:user) info_change = User.Info.confirmation_changeset(user.info, :unconfirmed) -- cgit v1.2.3 From 851db74f1ca533f27f72f1341571948b15d2f561 Mon Sep 17 00:00:00 2001 From: Ivan Tashkinov Date: Thu, 20 Dec 2018 15:23:16 +0300 Subject: [#114] Fixed test. --- test/web/oauth/oauth_controller_test.exs | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) (limited to 'test') diff --git a/test/web/oauth/oauth_controller_test.exs b/test/web/oauth/oauth_controller_test.exs index 0621a8acc..52441407d 100644 --- a/test/web/oauth/oauth_controller_test.exs +++ b/test/web/oauth/oauth_controller_test.exs @@ -113,7 +113,14 @@ defmodule Pleroma.Web.OAuth.OAuthControllerTest do refute Map.has_key?(resp, "access_token") end - test "rejects token exchange for valid credentials belonging to unconfirmed user" do + test "rejects token exchange for valid credentials belonging to unconfirmed user and confirmation is required" do + setting = Pleroma.Config.get([:instance, :account_activation_required]) + + unless setting do + Pleroma.Config.put([:instance, :account_activation_required], true) + on_exit(fn -> Pleroma.Config.put([:instance, :account_activation_required], setting) end) + end + password = "testpassword" user = insert(:user, password_hash: Comeonin.Pbkdf2.hashpwsalt(password)) info_change = Pleroma.User.Info.confirmation_changeset(user.info, :unconfirmed) -- cgit v1.2.3