From 09dcb2b5227d797363d350f4e9ee2f54e1e31af2 Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 10 Aug 2021 19:42:03 +0200 Subject: TwitterAPI: Make change_password require body params instead of query Closes: https://git.pleroma.social/pleroma/pleroma/-/issues/2740 --- .../web/twitter_api/util_controller_test.exs | 80 ++++++++++------------ 1 file changed, 36 insertions(+), 44 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/twitter_api/util_controller_test.exs b/test/pleroma/web/twitter_api/util_controller_test.exs index cc17940b5..fe3d99272 100644 --- a/test/pleroma/web/twitter_api/util_controller_test.exs +++ b/test/pleroma/web/twitter_api/util_controller_test.exs @@ -356,15 +356,12 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do conn = conn |> assign(:token, nil) - |> post( - "/api/pleroma/change_password?#{ - URI.encode_query(%{ - password: "hi", - new_password: "newpass", - new_password_confirmation: "newpass" - }) - }" - ) + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_password", %{ + "password" => "hi", + "new_password" => "newpass", + "new_password_confirmation" => "newpass" + }) assert json_response_and_validate_schema(conn, 403) == %{ "error" => "Insufficient permissions: write:accounts." @@ -373,16 +370,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do test "with proper permissions and invalid password", %{conn: conn} do conn = - post( - conn, - "/api/pleroma/change_password?#{ - URI.encode_query(%{ - password: "hi", - new_password: "newpass", - new_password_confirmation: "newpass" - }) - }" - ) + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_password", %{ + "password" => "hi", + "new_password" => "newpass", + "new_password_confirmation" => "newpass" + }) assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."} end @@ -392,16 +386,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do conn: conn } do conn = - post( - conn, - "/api/pleroma/change_password?#{ - URI.encode_query(%{ - password: "test", - new_password: "newpass", - new_password_confirmation: "notnewpass" - }) - }" - ) + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_password", %{ + "password" => "test", + "new_password" => "newpass", + "new_password_confirmation" => "notnewpass" + }) assert json_response_and_validate_schema(conn, 200) == %{ "error" => "New password does not match confirmation." @@ -412,12 +403,13 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do conn: conn } do conn = - post( - conn, - "/api/pleroma/change_password?#{ - URI.encode_query(%{password: "test", new_password: "", new_password_confirmation: ""}) - }" - ) + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_password", %{ + password: "test", + new_password: "", + new_password_confirmation: "" + }) assert json_response_and_validate_schema(conn, 200) == %{ "error" => "New password can't be blank." @@ -429,15 +421,15 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do user: user } do conn = - post( - conn, - "/api/pleroma/change_password?#{ - URI.encode_query(%{ - password: "test", - new_password: "newpass", - new_password_confirmation: "newpass" - }) - }" + conn + |> put_req_header("content-type", "multipart/form-data") + |> post( + "/api/pleroma/change_password", + %{ + password: "test", + new_password: "newpass", + new_password_confirmation: "newpass" + } ) assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"} -- cgit v1.2.3 From 197cdebca936fd01175476036f1230167bf353bc Mon Sep 17 00:00:00 2001 From: "Haelwenn (lanodan) Monnier" Date: Tue, 10 Aug 2021 20:33:00 +0200 Subject: TwitterAPI: Make change_email require body params instead of query --- .../web/twitter_api/util_controller_test.exs | 51 +++++++++------------- 1 file changed, 21 insertions(+), 30 deletions(-) (limited to 'test') diff --git a/test/pleroma/web/twitter_api/util_controller_test.exs b/test/pleroma/web/twitter_api/util_controller_test.exs index fe3d99272..f030483d8 100644 --- a/test/pleroma/web/twitter_api/util_controller_test.exs +++ b/test/pleroma/web/twitter_api/util_controller_test.exs @@ -261,11 +261,8 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do conn = conn |> assign(:token, nil) - |> post( - "/api/pleroma/change_email?#{ - URI.encode_query(%{password: "hi", email: "test@test.com"}) - }" - ) + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"}) assert json_response_and_validate_schema(conn, 403) == %{ "error" => "Insufficient permissions: write:accounts." @@ -274,12 +271,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do test "with proper permissions and invalid password", %{conn: conn} do conn = - post( - conn, - "/api/pleroma/change_email?#{ - URI.encode_query(%{password: "hi", email: "test@test.com"}) - }" - ) + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_email", %{password: "hi", email: "test@test.com"}) assert json_response_and_validate_schema(conn, 200) == %{"error" => "Invalid password."} end @@ -288,10 +282,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do conn: conn } do conn = - post( - conn, - "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: "foobar"})}" - ) + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_email", %{password: "test", email: "foobar"}) assert json_response_and_validate_schema(conn, 200) == %{ "error" => "Email has invalid format." @@ -301,7 +294,10 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do test "with proper permissions, valid password and no email", %{ conn: conn } do - conn = post(conn, "/api/pleroma/change_email?#{URI.encode_query(%{password: "test"})}") + conn = + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_email", %{password: "test"}) assert %{"error" => "Missing field: email."} = json_response_and_validate_schema(conn, 400) end @@ -310,10 +306,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do conn: conn } do conn = - post( - conn, - "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: ""})}" - ) + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_email", %{password: "test", email: ""}) assert json_response_and_validate_schema(conn, 200) == %{"error" => "Email can't be blank."} end @@ -324,10 +319,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do user = insert(:user) conn = - post( - conn, - "/api/pleroma/change_email?#{URI.encode_query(%{password: "test", email: user.email})}" - ) + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_email", %{password: "test", email: user.email}) assert json_response_and_validate_schema(conn, 200) == %{ "error" => "Email has already been taken." @@ -338,12 +332,9 @@ defmodule Pleroma.Web.TwitterAPI.UtilControllerTest do conn: conn } do conn = - post( - conn, - "/api/pleroma/change_email?#{ - URI.encode_query(%{password: "test", email: "cofe@foobar.com"}) - }" - ) + conn + |> put_req_header("content-type", "multipart/form-data") + |> post("/api/pleroma/change_email", %{password: "test", email: "cofe@foobar.com"}) assert json_response_and_validate_schema(conn, 200) == %{"status" => "success"} end -- cgit v1.2.3